FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0397

This CVE name corresponds to:

Entered Topic
2004-05-19 subversion date parsing vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2004-0397 at cve.mitre.org

Details

Type Candidate
Name CVE-2004-0397
Phase Assigned(20040413)

Description

Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command.

References

Source Reference
FULLDISC 20040519 Advisory 08/2004: Subversion remote vulnerability
BUGTRAQ 20040519 Advisory 08/2004: Subversion remote vulnerability
MISC http://security.e-matters.de/advisories/082004.html
CONFIRM http://subversion.tigris.org/svn-sscanf-advisory.txt
FEDORA FEDORA-2004-128
FEDORA FLSA:1748
GENTOO GLSA-200405-14
BUGTRAQ 20040519 [OpenPKG-SA-2004.023] OpenPKG Security Advisory (subversion)
BID 10386
OSVDB 6301
SECUNIA 11642
SECUNIA 11675
XF subversion-date-parsing-command-execution(16191)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.