CVE-2009-2411

Date: (C)2009-08-07   (M)2017-09-22
 
CVSS Score: 8.5
Exploitability Subscore: 6.8
Impact Subscore: 10.0
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.

Reference:
SECTRACK-1022697
http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html
BID-35983
SECUNIA-36184
SECUNIA-36224
SECUNIA-36232
SECUNIA-36257
SECUNIA-36262
OSVDB-56856
ADV-2009-2180
ADV-2009-3184
APPLE-SA-2009-11-09-1
DSA-1855
FEDORA-2009-8432
FEDORA-2009-8449
MDVSA-2009:199
RHSA-2009:1203
USN-812-1
http://svn.haxx.se/dev/archive-2009-08/0110.shtml
http://svn.haxx.se/dev/archive-2009-08/0108.shtml
http://svn.haxx.se/dev/archive-2009-08/0107.shtml
http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt
http://support.apple.com/kb/HT3937
http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES
http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES

CWE    1
CWE-189
OVAL    12
oval:org.secpod.oval:def:300730
oval:org.mitre.oval:def:8147
oval:org.secpod.oval:def:700442
oval:org.secpod.oval:def:600500
...

© 2013 SecPod Technologies