Threat Encyclopedia

Subversion.WebDAV.REPORT.Query.Buffer.Overflow

Description

This indicates an attempt to exploit a stack-based buffer overflow in Subversion.
The vulnerability is caused by an input validation error in the date-parsing code. A remote attacker can exploit this by sending a specially crafted DAV2 REPORT query or get-dated-rev svn-protocol command, which may result in the execution of arbitrary code.

Affected Products

Subversion Subversion 1.0.2
Subversion Subversion 1.0.1
Subversion Subversion 1.0

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to the latest version, available from the following websites:
Subversion Subversion 1.0
OpenPKG subversion-1.0.0-2.0.2.src.rpm:
ftp://ftp.openpkg.org/release/2.0/UPD/subversion-1.0.0-2.0.2.src.rpm
Subversion 1.0.3:
Subversion Subversion 1.0.1
Subversion 1.0.3:
Subversion Subversion 1.0.2
Subversion 1.0.3:

CVE References

CVE-2004-0397