Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Subversion | Subversion | * | 1.5.6 (including) |
| Subversion | Subversion | 0.22.1 (including) | 0.22.1 (including) |
| Subversion | Subversion | 0.23.0 (including) | 0.23.0 (including) |
| Subversion | Subversion | 0.24.0 (including) | 0.24.0 (including) |
| Subversion | Subversion | 0.24.1 (including) | 0.24.1 (including) |
| Subversion | Subversion | 0.24.2 (including) | 0.24.2 (including) |
| Subversion | Subversion | 0.25.0 (including) | 0.25.0 (including) |
| Subversion | Subversion | 0.27.0 (including) | 0.27.0 (including) |
| Subversion | Subversion | 0.28.0 (including) | 0.28.0 (including) |
| Subversion | Subversion | 0.28.1 (including) | 0.28.1 (including) |
| Subversion | Subversion | 0.28.2 (including) | 0.28.2 (including) |
| Subversion | Subversion | 0.29.0 (including) | 0.29.0 (including) |
| Subversion | Subversion | 0.30.0 (including) | 0.30.0 (including) |
| Subversion | Subversion | 0.31.0 (including) | 0.31.0 (including) |
| Subversion | Subversion | 0.32.0 (including) | 0.32.0 (including) |
| Subversion | Subversion | 0.32.1 (including) | 0.32.1 (including) |
| Subversion | Subversion | 0.33.0 (including) | 0.33.0 (including) |
| Subversion | Subversion | 0.33.1 (including) | 0.33.1 (including) |
| Subversion | Subversion | 0.34.0 (including) | 0.34.0 (including) |
| Subversion | Subversion | 0.35.0 (including) | 0.35.0 (including) |
| Subversion | Subversion | 0.35.1 (including) | 0.35.1 (including) |
| Subversion | Subversion | 0.36.0 (including) | 0.36.0 (including) |
| Subversion | Subversion | 0.37.0 (including) | 0.37.0 (including) |
| Subversion | Subversion | 1.0 (including) | 1.0 (including) |
| Subversion | Subversion | 1.0.0 (including) | 1.0.0 (including) |
| Subversion | Subversion | 1.0.1 (including) | 1.0.1 (including) |
| Subversion | Subversion | 1.0.2 (including) | 1.0.2 (including) |
| Subversion | Subversion | 1.0.3 (including) | 1.0.3 (including) |
| Subversion | Subversion | 1.0.4 (including) | 1.0.4 (including) |
| Subversion | Subversion | 1.0.5 (including) | 1.0.5 (including) |
| Subversion | Subversion | 1.0.6 (including) | 1.0.6 (including) |
| Subversion | Subversion | 1.0.7 (including) | 1.0.7 (including) |
| Subversion | Subversion | 1.0.8 (including) | 1.0.8 (including) |
| Subversion | Subversion | 1.0.9 (including) | 1.0.9 (including) |
| Subversion | Subversion | 1.1.0 (including) | 1.1.0 (including) |
| Subversion | Subversion | 1.1.0_rc1 (including) | 1.1.0_rc1 (including) |
| Subversion | Subversion | 1.1.0_rc2 (including) | 1.1.0_rc2 (including) |
| Subversion | Subversion | 1.1.0_rc3 (including) | 1.1.0_rc3 (including) |
| Subversion | Subversion | 1.1.1 (including) | 1.1.1 (including) |
| Subversion | Subversion | 1.1.2 (including) | 1.1.2 (including) |
| Subversion | Subversion | 1.1.3 (including) | 1.1.3 (including) |
| Subversion | Subversion | 1.1.4 (including) | 1.1.4 (including) |
| Subversion | Subversion | 1.2.0 (including) | 1.2.0 (including) |
| Subversion | Subversion | 1.2.1 (including) | 1.2.1 (including) |
| Subversion | Subversion | 1.2.2 (including) | 1.2.2 (including) |
| Subversion | Subversion | 1.2.3 (including) | 1.2.3 (including) |
| Subversion | Subversion | 1.3.0 (including) | 1.3.0 (including) |
| Subversion | Subversion | 1.3.1 (including) | 1.3.1 (including) |
| Subversion | Subversion | 1.3.2 (including) | 1.3.2 (including) |
| Subversion | Subversion | 1.4.0 (including) | 1.4.0 (including) |
| Subversion | Subversion | 1.4.1 (including) | 1.4.1 (including) |
| Subversion | Subversion | 1.4.2 (including) | 1.4.2 (including) |
| Subversion | Subversion | 1.4.3 (including) | 1.4.3 (including) |
| Subversion | Subversion | 1.4.4 (including) | 1.4.4 (including) |
| Subversion | Subversion | 1.4.5 (including) | 1.4.5 (including) |
| Subversion | Subversion | 1.5.0 (including) | 1.5.0 (including) |
| Subversion | Subversion | 1.5.1 (including) | 1.5.1 (including) |
| Subversion | Subversion | 1.5.3 (including) | 1.5.3 (including) |
| Subversion | Subversion | 1.5.4 (including) | 1.5.4 (including) |
| Subversion | Subversion | 1.5.5 (including) | 1.5.5 (including) |
| Subversion | Subversion | 1.6.0 (including) | 1.6.0 (including) |
| Subversion | Subversion | 1.6.1 (including) | 1.6.1 (including) |
| Subversion | Subversion | 1.6.2 (including) | 1.6.2 (including) |
| Subversion | Subversion | 1.6.3 (including) | 1.6.3 (including) |
| Red Hat Enterprise Linux 4 | RedHat | subversion-0:1.1.4-3.el4_8.2 | * |
| Red Hat Enterprise Linux 5 | RedHat | subversion-0:1.4.2-4.el5_3.1 | * |
| Subversion | Ubuntu | dapper | * |
| Subversion | Ubuntu | hardy | * |
| Subversion | Ubuntu | intrepid | * |
| Subversion | Ubuntu | jaunty | * |
| Subversion | Ubuntu | upstream | * |
References
- http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html
- http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
- http://osvdb.org/56856
- http://secunia.com/advisories/36184
- http://secunia.com/advisories/36224
- http://secunia.com/advisories/36232
- http://secunia.com/advisories/36257
- http://secunia.com/advisories/36262
- http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt
- http://support.apple.com/kb/HT3937
- http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES
- http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES
- http://svn.haxx.se/dev/archive-2009-08/0107.shtml
- http://svn.haxx.se/dev/archive-2009-08/0108.shtml
- http://svn.haxx.se/dev/archive-2009-08/0110.shtml
- http://www.debian.org/security/2009/dsa-1855
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:199
- http://www.redhat.com/support/errata/RHSA-2009-1203.html
- http://www.securityfocus.com/bid/35983
- http://www.securitytracker.com/id?1022697
- http://www.ubuntu.com/usn/usn-812-1
- http://www.vupen.com/english/advisories/2009/2180
- http://www.vupen.com/english/advisories/2009/3184
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html
- http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html
- http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
- http://osvdb.org/56856
- http://secunia.com/advisories/36184
- http://secunia.com/advisories/36224
- http://secunia.com/advisories/36232
- http://secunia.com/advisories/36257
- http://secunia.com/advisories/36262
- http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt
- http://support.apple.com/kb/HT3937
- http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES
- http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES
- http://svn.haxx.se/dev/archive-2009-08/0107.shtml
- http://svn.haxx.se/dev/archive-2009-08/0108.shtml
- http://svn.haxx.se/dev/archive-2009-08/0110.shtml
- http://www.debian.org/security/2009/dsa-1855
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:199
- http://www.redhat.com/support/errata/RHSA-2009-1203.html
- http://www.securityfocus.com/bid/35983
- http://www.securitytracker.com/id?1022697
- http://www.ubuntu.com/usn/usn-812-1
- http://www.vupen.com/english/advisories/2009/2180
- http://www.vupen.com/english/advisories/2009/3184
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html