Test ID:	1.3.6.1.4.1.25623.1.0.64634
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1855-1)
Summary:	The remote host is missing an update for the Debian 'subversion' package(s) announced via the DSA-1855-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'subversion' package(s) announced via the DSA-1855-1 advisory. Vulnerability Insight: Matt Lewis discovered that Subversion performs insufficient input validation of svndiff streams. Malicious servers could cause heap overflows in clients, and malicious clients with commit access could cause heap overflows in servers, possibly leading to arbitrary code execution in both cases. For the old stable distribution (etch), this problem has been fixed in version 1.4.2dfsg1-3. For the stable distribution (lenny), this problem has been fixed in version 1.5.1dfsg1-4. For the unstable distribution (sid), this problem has been fixed in version 1.6.4dfsg-1. We recommend that you upgrade your Subversion packages. Affected Software/OS: 'subversion' package(s) on Debian 4, Debian 5. Solution: Please install the updated package(s). CVSS Score: 8.5 CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2411 1022697 http://www.securitytracker.com/id?1022697 20090807 Subversion heap overflow http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html 35983 http://www.securityfocus.com/bid/35983 36184 http://secunia.com/advisories/36184 36224 http://secunia.com/advisories/36224 36232 http://secunia.com/advisories/36232 36257 http://secunia.com/advisories/36257 36262 http://secunia.com/advisories/36262 56856 http://osvdb.org/56856 ADV-2009-2180 http://www.vupen.com/english/advisories/2009/2180 ADV-2009-3184 http://www.vupen.com/english/advisories/2009/3184 APPLE-SA-2009-11-09-1 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html DSA-1855 http://www.debian.org/security/2009/dsa-1855 FEDORA-2009-8432 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html FEDORA-2009-8449 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html MDVSA-2009:199 http://www.mandriva.com/security/advisories?name=MDVSA-2009:199 RHSA-2009:1203 http://www.redhat.com/support/errata/RHSA-2009-1203.html USN-812-1 http://www.ubuntu.com/usn/usn-812-1 [dev] 20090806 Patch to 1.4.x branch for CVE-2009-2411 http://svn.haxx.se/dev/archive-2009-08/0110.shtml [dev] 20090806 Subversion 1.5.7 Released http://svn.haxx.se/dev/archive-2009-08/0108.shtml [dev] 20090806 Subversion 1.6.4 Released http://svn.haxx.se/dev/archive-2009-08/0107.shtml http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt http://support.apple.com/kb/HT3937 http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES oval:org.mitre.oval:def:11465 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.