what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2017-9800

Status Candidate

Overview

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.

Related Files

Ubuntu Security Notice USN-3388-2
Posted Oct 25, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3388-2 - USN-3388-1 fixed several vulnerabilities in Subversion. This update provides the corresponding update for Ubuntu 12.04 ESM. Ivan Zhakov discovered that Subversion did not properly handle some requests. A remote attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-2167, CVE-2016-2168, CVE-2017-9800
SHA-256 | a687e5391fa1b5969d8465cd6fe1b7abad9ba098f227067976e565ef0aebea20
Apple Security Advisory 2017-09-19-3
Posted Sep 20, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-09-19-3 - Xcode 9 is now available and addresses code execution and various other vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2017-1000117, CVE-2017-7076, CVE-2017-7134, CVE-2017-7135, CVE-2017-7136, CVE-2017-7137, CVE-2017-9800
SHA-256 | b323f39eaec8eb4fc3557dbe54e6dc9f0deb4ab6e1e1465cd32b69c5e7ba3a49
Gentoo Linux Security Advisory 201709-09
Posted Sep 18, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201709-9 - A command injection vulnerability in Subversion may allow remote attackers to execute arbitrary code. Versions less than 1.9.7 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2017-9800
SHA-256 | 71ad2e3ea855a8a91408fb8dc7d0efea59a1c6f92a7d8dacb8134433f2085bb4
SourceTree Remote Code Execution
Posted Sep 7, 2017
Authored by David Black | Site atlassian.com

SourceTree suffers from multiple remote code execution vulnerabilities that can be triggered via hostile repositories being checked in. SourceTree for macOS versions prior to 2.6.1 and SourceTree for Windows versions prior to 2.1.10 are affected.

tags | advisory, remote, vulnerability, code execution
systems | windows
advisories | CVE-2017-1000115, CVE-2017-1000116, CVE-2017-1000117, CVE-2017-9800
SHA-256 | 1e50b9884995c5b9c544b4aa24ba0de7ea8f777b919770ce1a23e318b7d2c761
Red Hat Security Advisory 2017-2480-01
Posted Aug 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2480-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Security Fix: A shell command injection flaw related to the handling of "svn+ssh" URLs has been discovered in Subversion. An attacker could use this flaw to execute shell commands with the privileges of the user running the Subversion client, for example when performing a "checkout" or "update" action on a malicious repository, or a legitimate repository containing a malicious commit.

tags | advisory, shell
systems | linux, redhat
advisories | CVE-2017-9800
SHA-256 | df291b510e9dfcfc2d41578aecfc04746ad24357f66177f386b938dbfe619a0f
Debian Security Advisory 3932-1
Posted Aug 11, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3932-1 - Several problems were discovered in Subversion, a centralized version control system.

tags | advisory
systems | linux, debian
advisories | CVE-2016-8734, CVE-2017-9800
SHA-256 | a1bdde86fa5407458eda66de508e4072a37aa16fa1bdedce2c8ce794840af2d4
Apache Subversion Arbitrary Code Execution
Posted Aug 11, 2017
Site subversion.apache.org

Apache Subversion has released version 1.9.7 which addresses an arbitrary code execution vulnerability.

tags | advisory, arbitrary, code execution
advisories | CVE-2017-9800
SHA-256 | 585a9fde58f7e2538f6923e554f14c1d32f0baf2b51e326916874d231c289c2b
Ubuntu Security Notice USN-3388-1
Posted Aug 10, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3388-1 - Joern Schneeweisz discovered that Subversion did not properly handle host names in 'svn+ssh://' URLs. A remote attacker could use this to construct a subversion repository that when accessed could run arbitrary code with the privileges of the user. Daniel Shahaf and James McCoy discovered that Subversion did not properly verify realms when using Cyrus SASL authentication. A remote attacker could use this to possibly bypass intended access restrictions. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-2167, CVE-2016-8734, CVE-2017-9800
SHA-256 | afb947313ea3b2743fc9ec546b5a4c8ac5e42c19227852d40f19315d56ae31a2
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close