Date: Tue, 20 Jan 2009 20:53:05 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: WebSVN


Use CVE-2009-0240 for the recent authorization issue.

Note that CVE-2008-5918, CVE-2008-5919, and CVE-2008-5920 were assigned to
older WebSVN issues that were disclosed in October 2008.

- Steve


======================================================
Name: CVE-2008-5918
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5918
Reference: MILW0RM:6822
Reference: URL:http://www.milw0rm.com/exploits/6822
Reference: MISC:http://www.gulftech.org/?node=research&article_id=00132-10202008
Reference: CONFIRM:http://websvn.tigris.org/issues/show_bug.cgi?id=179
Reference: CONFIRM:http://websvn.tigris.org/servlets/NewsItemView?newsItemID=2218
Reference: BID:31891
Reference: URL:http://www.securityfocus.com/bid/31891
Reference: SECUNIA:32338
Reference: URL:http://secunia.com/advisories/32338
Reference: XF:websvn-index-xss(46048)
Reference: URL:http://xforce.iss.net/xforce/xfdb/46048

Cross-site scripting (XSS) vulnerability in the
getParameterisedSelfUrl function in index.php in WebSVN 2.0 and
earlier allows remote attackers to inject arbitrary web script or HTML
via the PATH_INFO.


======================================================
Name: CVE-2008-5919
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5919
Reference: MILW0RM:6822
Reference: URL:http://www.milw0rm.com/exploits/6822
Reference: MISC:http://www.gulftech.org/?node=research&article_id=00132-10202008
Reference: CONFIRM:http://websvn.tigris.org/issues/show_bug.cgi?id=179
Reference: CONFIRM:http://websvn.tigris.org/servlets/NewsItemView?newsItemID=2218
Reference: BID:31891
Reference: URL:http://www.securityfocus.com/bid/31891
Reference: SECUNIA:32338
Reference: URL:http://secunia.com/advisories/32338
Reference: XF:websvn-rss-directory-traversal(46050)
Reference: URL:http://xforce.iss.net/xforce/xfdb/46050

Directory traversal vulnerability in rss.php in WebSVN 2.0 and
earlier, when magic_quotes_gpc is disabled, allows remote attackers to
overwrite arbitrary files via directory traversal sequences in the rev
parameter.


======================================================
Name: CVE-2008-5920
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5920
Reference: MILW0RM:6822
Reference: URL:http://www.milw0rm.com/exploits/6822
Reference: MISC:http://www.gulftech.org/?node=research&article_id=00132-10202008
Reference: BID:31891
Reference: URL:http://www.securityfocus.com/bid/31891

The create_anchors function in utils.inc in WebSVN 1.x allows remote
attackers to execute arbitrary PHP code via a crafted username that is
processed by the preg_replace function with the eval switch.


======================================================
Name: CVE-2009-0240
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0240
Reference: MLIST:[oss-security] 20090118 CVE request: WebSVN
Reference: URL:http://www.openwall.com/lists/oss-security/2009/01/18/2
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512191
Reference: SECUNIA:32338
Reference: URL:http://secunia.com/advisories/32338

listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN
authz file, allows remote authenticated users to read changelogs or
diffs for restricted projects via a modified repname parameter.


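The CVE-2008-5920 entry above describes a preg_replace() call using the eval (/e) modifier on a username. As an added PHP illustration of that bug class (not WebSVN's create_anchors() code; the helper names, the regex and the rev.php link target are assumptions), here is the vulnerable shape beside the hardened preg_replace_callback() form, which never treats the input as PHP source:

```php
<?php
// Added illustration of the bug class behind CVE-2008-5920, not WebSVN's
// own create_anchors(): a hypothetical helper that turns "r<number>"
// revision tokens in a commit author/username string into HTML links.

// VULNERABLE SHAPE (PHP 5 only; /e was deprecated in 5.5 and removed in 7).
// With /e, PHP substitutes the backreferences into the replacement string
// and passes the result to eval(), so whatever the pattern captured from
// $username is treated as PHP source rather than as data. Here the capture
// is digits only; the risk becomes real once the captured text is
// free-form attacker input, which the CVE describes (a crafted username).
function create_anchors_vulnerable($username)
{
    return preg_replace(
        '/(r\d+)/e',
        '"<a href=\"rev.php?rev=$1\">$1</a>"',
        $username
    );
}

// HARDENED SHAPE: preg_replace_callback() hands each match to ordinary
// PHP code. Nothing taken from $username is ever parsed as PHP, the link
// target is coerced to an integer, and the text is HTML-escaped before
// the regex runs so any markup in the name is rendered inert.
function create_anchors_safe($username)
{
    $escaped = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
    return preg_replace_callback(
        '/r(\d+)/',
        function ($m) {
            $rev = (int) $m[1];
            return '<a href="rev.php?rev=' . $rev . '">r' . $rev . '</a>';
        },
        $escaped
    );
}

// Constructed sample inputs (not taken from any real repository).
$samples = [
    'alice (merged r42)',
    'bob <script>alert(1)</script> r7',
];
foreach ($samples as $s) {
    echo create_anchors_safe($s), "\n";
}
```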