Date: Tue, 20 Jan 2009 20:53:05 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: WebSVN


Use CVE-2009-0240 for the recent authorization issue.

Note that CVE-2008-5918, CVE-2008-5919, and CVE-2008-5920 were assigned to
older WebSVN issues that were disclosed in October 2008.

- Steve


======================================================
Name: CVE-2008-5918
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5918
Reference: MILW0RM:6822
Reference: URL:http://www.milw0rm.com/exploits/6822
Reference: MISC:http://www.gulftech.org/?node=research&article_id=00132-10202008
Reference: CONFIRM:http://websvn.tigris.org/issues/show_bug.cgi?id=179
Reference: CONFIRM:http://websvn.tigris.org/servlets/NewsItemView?newsItemID=2218
Reference: BID:31891
Reference: URL:http://www.securityfocus.com/bid/31891
Reference: SECUNIA:32338
Reference: URL:http://secunia.com/advisories/32338
Reference: XF:websvn-index-xss(46048)
Reference: URL:http://xforce.iss.net/xforce/xfdb/46048

Cross-site scripting (XSS) vulnerability in the
getParameterisedSelfUrl function in index.php in WebSVN 2.0 and
earlier allows remote attackers to inject arbitrary web script or HTML
via the PATH_INFO.


======================================================
Name: CVE-2008-5919
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5919
Reference: MILW0RM:6822
Reference: URL:http://www.milw0rm.com/exploits/6822
Reference: MISC:http://www.gulftech.org/?node=research&article_id=00132-10202008
Reference: CONFIRM:http://websvn.tigris.org/issues/show_bug.cgi?id=179
Reference: CONFIRM:http://websvn.tigris.org/servlets/NewsItemView?newsItemID=2218
Reference: BID:31891
Reference: URL:http://www.securityfocus.com/bid/31891
Reference: SECUNIA:32338
Reference: URL:http://secunia.com/advisories/32338
Reference: XF:websvn-rss-directory-traversal(46050)
Reference: URL:http://xforce.iss.net/xforce/xfdb/46050

Directory traversal vulnerability in rss.php in WebSVN 2.0 and
earlier, when magic_quotes_gpc is disabled, allows remote attackers to
overwrite arbitrary files via directory traversal sequences in the rev
parameter.


======================================================
Name: CVE-2008-5920
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5920
Reference: MILW0RM:6822
Reference: URL:http://www.milw0rm.com/exploits/6822
Reference: MISC:http://www.gulftech.org/?node=research&article_id=00132-10202008
Reference: BID:31891
Reference: URL:http://www.securityfocus.com/bid/31891

The create_anchors function in utils.inc in WebSVN 1.x allows remote
attackers to execute arbitrary PHP code via a crafted username that is
processed by the preg_replace function with the eval switch.


======================================================
Name: CVE-2009-0240
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0240
Reference: MLIST:[oss-security] 20090118 CVE request: WebSVN
Reference: URL:http://www.openwall.com/lists/oss-security/2009/01/18/2
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512191
Reference: SECUNIA:32338
Reference: URL:http://secunia.com/advisories/32338

listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN
authz file, allows remote authenticated users to read changelogs or
diffs for restricted projects via a modified repname parameter.
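
As an added illustration (not WebSVN's own code, which this post does not quote), the bug class behind CVE-2008-5920: preg_replace with the `e` modifier evaluates the replacement string as PHP after substituting match text, so attacker-influenced input such as a username becomes code; preg_replace_callback does the same linkification with the match handled purely as data. The `create_anchors_safe` function, the regex and the sample log line are hypothetical.

```php
<?php
// Added example, not WebSVN's code. The regex and sample data are constructed
// to show the class of bug described for create_anchors() in utils.inc.

// Vulnerable pattern (do not use): with the 'e' modifier the replacement is
// treated as PHP source after back-references are substituted, so whatever
// the pattern matched (here a username taken from a commit log) is executed.
// Deprecated in PHP 5.5, removed in PHP 7.
//   $html = preg_replace('/@(\w+)/e',
//       '"<a href=\"/user/$1\">".htmlspecialchars("$1")."</a>"', $log);

// Hardened form: the callback receives the match as a plain string and never
// passes it through eval(); HTML escaping happens before the regex runs.
function create_anchors_safe(string $log): string
{
    $escaped = htmlspecialchars($log, ENT_QUOTES, 'UTF-8');
    return preg_replace_callback(
        '/@(\w+)/',
        function (array $m): string {
            // $m[1] is limited to \w characters, so it is safe in both the
            // URL path (after encoding) and the link text.
            $user = rawurlencode($m[1]);
            return '<a href="/user/' . $user . '">@' . $m[1] . '</a>';
        },
        $escaped
    );
}

// Constructed sample: a commit log mentioning a committer and stray markup.
$log = "Fix authz check, reviewed by @alice <script>alert(1)</script>";
echo create_anchors_safe($log), "\n";
```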

