Summary
Subversion is installed on the host and is prone to multiple integer overflow vulnerabilities.
Impact
Attackers can exploit these issues to compromise an application that uses the library, or to crash the application, resulting in a denial-of-service condition.
Impact Level: Application
Solution
Apply the patch or upgrade to Subversion version 1.5.7 or 1.6.4.
http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt
http://subversion.tigris.org/project_packages.html
*****
NOTE: Please ignore this warning if the patch is applied.
*****
Insight
The flaws are due to input validation errors in the processing of svndiff streams in the 'libsvn_delta' library.
Affected
Subversion version 1.5.6 and prior
Subversion version 1.6.0 through 1.6.3
Severity
Classification
CVE: CVE-2009-2411
CVSS Base Score: 8.5
CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C