Download
| Alert*
oval:org.secpod.oval:def:15918
The host is installed with Apache Subversion 1.4.0 through 1.7.12 or 1.8.0 through 1.8.1 and is prone to local privilege escalation vulnerability. The flaw is present in Svnserve in Apache Subversion, which fails to properly handle a symlink attack on the file specified by the --pid-file option. Suc ... oval:org.secpod.oval:def:1300227 Updated subversion package fixes security vulnerability: svnserve takes a --pid-file option which creates a file containing the process id it is running as. It does not take steps to ensure that the file it has been directed at is not a symlink. If the pid file is in a directory writeable by unprivi ... oval:org.secpod.oval:def:105940 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subvers ... |