FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

subversion date parsing vulnerability

Affected packages
subversion < 1.0.2_1

Details

VuXML ID 5d36ef32-a9cf-11d8-9c6d-0020ed76ef5a
Discovery 2004-05-19
Entry 2004-05-19

Stefan Esser reports:

Subversion versions up to 1.0.2 are vulnerable to a date parsing vulnerability which can be abused to allow remote code execution on Subversion servers and therefore could lead to a repository compromise.

NOTE: This vulnerability is similar to the date parsing issue that affected neon. However, it is a different and distinct bug.

References

CVE Name CVE-2004-0397
URL http://security.e-matters.de/advisories/082004.html