OVAL

[3.4] subversion: Arbitrary code execution on clients through malicious svn+ssh URLs (CVE-2017-9800)

ID: oval:org.secpod.oval:def:1800051
Date: (C)2018-03-28   (M)2023-11-10
Class: PATCH
Family: unix




A Subversion client sometimes connects to URLs provided by the repository. This happens in two primary cases: during "checkout", "export", "update", and "switch", when the tree being downloaded contains svn:externals properties; and when using "svnsync sync" with one URL argument. A maliciously constructed svn+ssh:// URL would cause Subversion clients to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server, or by a proxy server. The vulnerability affects all clients, including those that use file://, and plain svn://. Fixed In Version: subversion 1.8.18, subversion 1.9.7

Platform:
Alpine Linux 3.4
Product:
subversion
Reference:
7670
CVE-2017-9800
CVE    1
CVE-2017-9800
CPE    14
cpe:/a:apache:subversion:1.9.0
cpe:/a:apache:subversion:1.10.0:alpha1
cpe:/a:apache:subversion:1.9.1
cpe:/a:apache:subversion:1.10.0:alpha2
...

© SecPod Technologies