
Re: You know you've made it when...

From: <kfogel_at_collab.net>
Date: 2004-10-12 20:19:36 CEST

"Wadsworth, Eric (Contractor)" <WADSWORE@fhu.disa.mil> writes:
> ============
> Subversion is another version control system for Linux that is gaining
> popularity. The project was started with an aim of designing a better system
> than the CVS. A Subversion repository can be accessed via the "svn"
> protocol, if the repository is running "svnserve". The svn server runs on
> port 3690/tcp by default. The server contains the following vulnerabilities:
>
> * A heap-based overflow that can be exploited by an unauthenticated attacker
> to execute arbitrary code.
> * A stack-based overflow that can be triggered by a specially crafted
> get-dated-rev svn command. If the server is configured for anonymous access,
> an unauthenticated attacker may exploit arbitrary code on the server.
> Multiple exploits for this flaw have been posted to the Internet.
> ============
>
> These are non-issues if you're using apache instead of svnserve, right?

Right. There may be *other* issues, but not these ones.

Received on Tue Oct 12 22:09:10 2004

This is an archived mail posted to the Subversion Users mailing list.
