Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200407-20] Subversion: Vulnerability in mod_authz_svn Vulnerability Scan
Vulnerability Scan Summary: Subversion: Vulnerability in mod_authz_svn
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200407-20
(Subversion: Vulnerability in mod_authz_svn)
Users with write access to part of a Subversion repository may bypass read
restrictions on any part of that repository. This can be done using an
"svn copy" command to copy the portion of a repository the user
wishes to read into an area where they have write access.
Since copies are versioned, any such copy attempts will be readily
apparent.
Impact
This is a low-risk vulnerability. It affects only users of Subversion who
are running servers inside Apache and using mod_authz_svn. Additionally,
this vulnerability may be exploited only by users with write access to some
portion of a repository.
Workaround
Keep sensitive content separated into different Subversion repositories, or
disable the Apache Subversion server and use svnserve instead.
References:
http://svn.collab.net/repos/svn/tags/1.0.6/CHANGES
Solution:
All Subversion users should upgrade to the latest available version:
# emerge sync
# emerge -pv ">=dev-util/subversion-1.0.6"
# emerge ">=dev-util/subversion-1.0.6"
Threat Level: Low