#24284 – CVE-2010-3315: mod_dav_svn - bypass intended access restrictions via svn commands

Bug 24284 - CVE-2010-3315: mod_dav_svn - bypass intended access restrictions via svn commands

Summary: CVE-2010-3315: mod_dav_svn - bypass intended access restrictions via svn comm...

Status:	CLOSED FIXED

Alias:	None

Product:	Sisyphus
Classification:	Development
Component:	subversion (show other bugs)
Version:	unstable
Hardware:	all Linux

Importance:	P3 blocker
Assignee:	Andrey Cherepanov
QA Contact:	qa-sisyphus

URL:	http://subversion.apache.org/security...
Keywords:	security

Depends on:
Blocks:

Reported:	2010-10-13 09:56 MSD by Vladimir Lettiev
Modified:	2010-10-21 09:00 MSD (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Vladimir Lettiev 2010-10-13 09:56:58 MSD

Subversion servers up to 1.6.12 (inclusive) making use of the "SVNPathAuthz short_circuit" mod_dav_svn configuration setting have a bug which may allow users to write and/or read portions of the repository to which they are not intended to have access.

Fixed in 1.6.13

Comment 1 Afanasov Dmitry 2010-10-13 12:55:06 MSD

как, crux на меня CVE вешает :)

Comment 2 Vladimir Lettiev 2010-10-21 09:00:07 MSD

subversion-1.6.13-alt1 -> sisyphus:

* Tue Oct 19 2010 Afanasov Dmitry <ender@altlinux> 1.6.13-alt1
- updated to 1.6.13 (CVE-2010-3315, closes: #24284)