CVE

CVE-2009-2411
Date: (C)2009-08-07   (M)2018-02-19


Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.

CVSS V3 Severity:
CVSS Score:
Exploit Score:
Impact Score:

CVSS V2 Severity:
CVSS Score: 8.5
Exploit Score: 6.8
Impact Score: 10.0

CVSS V3 Metrics:
Attack Vector:
Attack Complexity:
Privileges Required:
User Interaction:
Scope:
Confidentiality:
Integrity:
Availability:

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  





Reference:
SECTRACK-1022697
http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html
BID-35983
SECUNIA-36184
SECUNIA-36224
SECUNIA-36232
SECUNIA-36257
SECUNIA-36262
OSVDB-56856
ADV-2009-2180
ADV-2009-3184
APPLE-SA-2009-11-09-1
DSA-1855
FEDORA-2009-8432
FEDORA-2009-8449
MDVSA-2009:199
RHSA-2009:1203
USN-812-1
http://svn.haxx.se/dev/archive-2009-08/0110.shtml
http://svn.haxx.se/dev/archive-2009-08/0108.shtml
http://svn.haxx.se/dev/archive-2009-08/0107.shtml
http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt
http://support.apple.com/kb/HT3937
http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES
http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES

CWE    1
CWE-189
OVAL    12
oval:org.secpod.oval:def:300730
oval:org.secpod.oval:def:202221
oval:org.secpod.oval:def:201974
oval:org.secpod.oval:def:300952
...

© 2013 SecPod Technologies