Info

Disclosure

May 19, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in Subversion. The Subversion fails to check the boundary when calling sscanf() to decode old-styled date strings. By sending a specially crafted request via a DAV2 REPORT query or get-dated-rev svn-protocol command, a remote attacker can cause a buffer overflow and execute arbitrary code, resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public, Exploit Commercial
Disclosure: OSVDB Verified

Solution

Upgrade to version 1.0.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

CollabNet, Inc.

Subversion

1.0.2

References

Bugtraq ID: 10386
Secunia Advisory ID: 11642 11659 11675
CVE ID: 2004-0397 (see also: NVD)
Milw0rm: 304
Exploit Database: 304
Metasploit ID: 6301
Generic Exploit URL: http://immunitysec.com
Generic Informational URL: http://security.e-matters.de/advisories/082004.html [ Link is 404 ]
Vendor URL: http://subversion.tigris.org/
Vendor Specific Advisory URL: http://subversion.tigris.org/svn-sscanf-advisory.txt
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200405-14.xml

Credit

Stefan Esser - sesserhardened-php.net - www.hardened-php.net

Direct URL: http://osvdb.org/6301