Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0397

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-0397
Last Modified 05 Sep 2008 04:38:19
Published 07 Jul 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0397

Summary

Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command.

Vulnerable Systems

Application

  • Subversion 1.0

  • Subversion 1.0.1

  • Subversion 1.0.2


References

XF - subversion-date-parsing-command-execution(16191)

BID - 10386

BUGTRAQ - 20040519 [OpenPKG-SA-2004.023] OpenPKG Security Advisory (subversion)

FEDORA - FLSA:1748

FEDORA - FEDORA-2004-128

MISC - http://security.e-matters.de/advisories/082004.html

BUGTRAQ - 20040519 Advisory 08/2004: Subversion remote vulnerability

OSVDB - 6301

GENTOO - GLSA-200405-14

CONFIRM - http://subversion.tigris.org/svn-sscanf-advisory.txt

SECUNIA - 11675

SECUNIA - 11642


Last Updated: 27 May 2016 10:38:35