V-129: Apache Subversion mod_dav_svn Multiple Denial of Service Vulnerabilities

April 9, 2013 - 2:36am

PROBLEM:

Apache Subversion mod_dav_svn Multiple Denial of Service Vulnerabilities

PLATFORM:

Apache Subversion 1.x

ABSTRACT:

Multiple vulnerabilities have been reported in Apache Subversion.

REFERENCE LINKS:

Secunia Advisory SA52966
CVE-2013-1845
CVE-2013-1846
CVE-2013-1847
CVE-2013-1849
CVE-2013-1884

IMPACT ASSESSMENT:

Medium

DISCUSSION:

1) An error within the mod_dav_svn module when setting or deleting a large number of properties of a node can be exploited to cause memory exhaustion.

2) A NULL pointer dereference error in the mod_dav_svn module when processing a LOCK request on an activity URL can be exploited to cause a crash.

3) A NULL pointer dereference error in the mod_dav_svn module when processing a LOCK request against a URL for a non-existent path or an invalid activity URL supporting anonymous locks can be exploited to cause a crash.

Successful exploitation requires auto-versioning to be enabled and the use of a non-SVN DAV client.

4) A NULL pointer dereference error in the mod_dav_svn module when processing a PROPFIND request on an activity URL can be exploited to cause a crash.

5) An error within the mod_dav_svn module when handling a log REPORT request with a limit outside the allowed range can be exploited to cause a crash.

IMPACT:

Apache Subversion can be exploited by malicious users and malicious people to cause a DoS (Denial of Service).

SOLUTION:

Update to version 1.6.21 or 1.7.9.
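To triage which servers need this update, the following added example (not part of the original advisory) checks a Subversion version string against the fixed releases above and looks for the mod_dav_svn directives `DAV svn` and `SVNAutoversioning On` in an httpd configuration. The function names, the sample configuration and the handling of branches other than 1.6 and 1.7 are assumptions made for illustration.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED = {(1, 6): 21, (1, 7): 9}

def version_affected(version):
    """Return True if a Subversion version string predates the fixed releases."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    if major != 1:
        return False  # the advisory covers 1.x only
    if (major, minor) in FIXED:
        return patch < FIXED[(major, minor)]  # numeric, so 1.7.10 > 1.7.9
    # Assumption: branches before 1.6 have no fixed release (treated as
    # affected); branches after 1.7 are taken to include the fixes.
    return minor < 6

def directive_on(conf, name, value):
    """True if an uncommented `name value` directive appears in httpd config."""
    pat = re.compile(rf"^\s*{name}\s+{value}\s*$", re.IGNORECASE)
    return any(pat.match(line) for line in conf.splitlines())

def assess(version, conf):
    """Summarise exposure of one server to the issues in this advisory."""
    affected = version_affected(version)
    dav_svn = directive_on(conf, "DAV", "svn")  # all items are in mod_dav_svn
    return {
        "needs_update": affected and dav_svn,
        # Item 3 additionally needs auto-versioning to be enabled.
        "item3_precondition": affected and dav_svn
                              and directive_on(conf, "SVNAutoversioning", "on"),
    }

# Constructed sample configuration (not from the advisory).
SAMPLE_CONF = """
<Location /svn>
    DAV svn
    SVNParentPath /srv/svn
    # SVNAutoversioning On
</Location>
"""

if __name__ == "__main__":
    for v in ("1.6.20", "1.7.9", "1.5.9"):
        print(v, assess(v, SAMPLE_CONF))
```

The version string can be taken from `svn --version --quiet` on the server; a host without a `DAV svn` location does not load the affected request handling and is reported as not needing the update for this advisory.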