{ "id": "CVE-2009-2411", "sourceIdentifier": "secalert@redhat.com", "published": "2009-08-07T19:30:00.297", "lastModified": "2017-09-19T01:29:06.357", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de entero en la biblioteca libsvn_delta en Subversion anterior a v1.5.7 y v1.6.x anterior a v1.6.4, permite a los usuarios remotos autenticados y a los servidores Subversion remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un flujo (stream) svndiff con grandes ventanas que desencadenan un desbordamiento de b\u00fafer basado en memoria din\u00e1mica, una cuesti\u00f3n relacionada con CVE-2009-2412." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "SINGLE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 8.5 }, "baseSeverity": "HIGH", "exploitabilityScore": 6.8, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": true, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-189" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.5.6", "matchCriteriaId": "0434A631-5531-4C32-B5C5-730CA1890441" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:0.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "46EA6517-6361-449E-8A50-3E8706A71211" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:0.23.0:*:*:*:*:*:*:*", "matchCriteriaId": "473B6660-AED8-4805-A48F-F4A18A4AB94F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:0.24.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F087A7F-7D7D-4377-B7CD-FC0775A33568" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:0.24.1:*:*:*:*:*:*:*", "matchCriteriaId": "00E49F61-BC1D-4B0F-859F-89C331DA0E39" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:0.24.2:*:*:*:*:*:*:*", "matchCriteriaId": "D44285DE-6FD7-4B0D-9715-1E6D31FAB6BC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:0.25.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D18EA18-8EB3-4924-B428-A4D329A87C8B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:0.27.0:*:*:*:*:*:*:*", "matchCriteriaId": "48BB82A4-223F-43E3-8EE2-BA6276F51A1A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:0.28.0:*:*:*:*:*:*:*", "matchCriteriaId": "DE0D2D18-5141-4070-9390-2027967CBD4E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:0.28.1:*:*:*:*:*:*:*", "matchCriteriaId": "07F3F14A-AD74-4318-A830-08DED8189E7D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:0.28.2:*:*:*:*:*:*:*", "matchCriteriaId": "56ADDE86-635F-4F24-A320-CBBE076BA182" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:0.29.0:*:*:*:*:*:*:*", "matchCriteriaId": "56AD9198-B051-4E0E-9B0B-CE99346EFF05" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:0.30.0:*:*:*:*:*:*:*", "matchCriteriaId": "A81E5045-969D-4064-A7DB-9F902D600251" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:0.31.0:*:*:*:*:*:*:*", "matchCriteriaId": "61B5A517-AAD4-44AE-8B1B-F1BA3F9C21B8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:0.32.0:*:*:*:*:*:*:*", "matchCriteriaId": "5342EE15-7AAD-4666-BEFB-172A7CE5BC96" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:0.32.1:*:*:*:*:*:*:*", "matchCriteriaId": "71AD1DC9-1BEA-4C81-A4EF-B78B2344C65E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:0.33.0:*:*:*:*:*:*:*", "matchCriteriaId": "01A71B55-7F08-40BD-A60E-4EF679388B1F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:0.33.1:*:*:*:*:*:*:*", "matchCriteriaId": "39AA93C8-0CC1-46D0-8B67-2A3846BBDA45" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:0.34.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFC08C9E-DC76-4F5E-9CA2-7952CC332EB2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:0.35.0:*:*:*:*:*:*:*", "matchCriteriaId": "8BB20C00-C6D6-4175-B659-018C4F4A1167" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:0.35.1:*:*:*:*:*:*:*", "matchCriteriaId": "139E706E-202C-45B4-A5E3-2CDEEA14E20B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:0.36.0:*:*:*:*:*:*:*", "matchCriteriaId": "EF79BC49-E4CD-4DCA-860F-A27F0371D4B1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:0.37.0:*:*:*:*:*:*:*", "matchCriteriaId": "6C12BDC3-6B07-47DD-96C8-1FA9F4B7BFE2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4F10E314-3897-4A63-AE40-F4E34C3F0BFA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DD801B94-DBE2-4A65-9428-8D4FC581866A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "47B95A69-2535-4844-B819-082D4349708C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "930953B4-E972-48FB-913B-169E91F93FD6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "6B41D875-F515-4A3F-9AA5-79BD09F74C30" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3A8CCC20-8986-4028-B125-66F371A4A1D1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E07F13C-A6FC-49E8-B10E-E4FC1F182DA5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "04AB9C70-10CB-460B-91AD-1D79C9153194" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "E1E718DB-2A79-4277-BA15-6E6A904E483A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "9E10F1DA-64E9-4567-8727-3AE8A6788A23" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "3A8CED53-EC94-480C-BCBD-EE045F0AA2A4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "27FC24BB-5BF3-4A25-A5C0-F5A224736F77" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.1.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "286B7EBD-D663-440C-859B-1E0EE839AEB9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.1.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "408EC889-4D8B-49FC-9281-AC85559BB774" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.1.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "F1E2A83E-A244-4F1E-85E9-6EA075D32C5B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "212AC756-866F-43F6-9659-61554824B884" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B612E0A1-C0F8-4E69-B32C-356ADE7F82E2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "19B8E241-9E28-4627-8FBB-18CF5D12B11C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "C3D528D6-37F5-40D0-BAF2-CCA214862C19" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E73FF73-1F94-4657-83E2-375311A94440" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2FAC312-66F0-4C9E-95DF-0C61F07A834D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "CC9E80F6-728C-4474-AB90-23DF119E83DA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "051434CF-6B62-4C29-B71A-C8800F048A07" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "339A1BAC-F631-4355-9889-CE5EAC2FCB46" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "72315FB6-EDB2-43AB-9DA8-E27118C84C08" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "6C099833-CC13-47DD-9E6A-E10BF8103401" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "EAF74121-52AC-4EA8-9B51-BA68ED766ABC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC6B791F-2DB2-4428-80DB-3203FD8868ED" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "BE0754E5-044C-445B-846F-1B7C7664F6BC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "0D938FBF-02E3-4713-A7DB-7C552C65471C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "8A882A7B-5E03-4FC4-A92E-3681C67A0CA6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "4AF0C2C6-5FC0-4FB2-B31C-B9174789F904" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B3D435D7-F523-4B8B-988F-37F85DA7ECCB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B5CCBE47-1BD4-494A-8B9B-CB062F9741B2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "457BD304-23A2-4FB4-AE9F-9F462DC27DD2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7899D782-7544-4113-AE78-B724689EDC74" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "85E5887A-A560-40AA-96D4-45D65D9A9C16" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "C461DA24-27D3-44C6-A5A3-17716616C696" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FBF9A45-958C-4C65-B8AE-A7214D6A6922" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "3DE31846-6A08-47D5-8D20-D627DED5D8E4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:subversion:subversion:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "45B6D800-A4A5-4835-941C-31C3FD00D5F9" } ] } ] } ], "references": [ { "url": "http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html", "source": "secalert@redhat.com" }, { "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html", "source": "secalert@redhat.com" }, { "url": "http://osvdb.org/56856", "source": "secalert@redhat.com" }, { "url": "http://secunia.com/advisories/36184", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/36224", "source": "secalert@redhat.com" }, { "url": "http://secunia.com/advisories/36232", "source": "secalert@redhat.com" }, { "url": "http://secunia.com/advisories/36257", "source": "secalert@redhat.com" }, { "url": "http://secunia.com/advisories/36262", "source": "secalert@redhat.com" }, { "url": "http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt", "source": "secalert@redhat.com" }, { "url": "http://support.apple.com/kb/HT3937", "source": "secalert@redhat.com" }, { "url": "http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES", "source": "secalert@redhat.com" }, { "url": "http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES", "source": "secalert@redhat.com" }, { "url": "http://svn.haxx.se/dev/archive-2009-08/0107.shtml", "source": "secalert@redhat.com" }, { "url": "http://svn.haxx.se/dev/archive-2009-08/0108.shtml", "source": "secalert@redhat.com" }, { "url": "http://svn.haxx.se/dev/archive-2009-08/0110.shtml", "source": "secalert@redhat.com" }, { "url": "http://www.debian.org/security/2009/dsa-1855", "source": "secalert@redhat.com" }, { "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:199", "source": "secalert@redhat.com" }, { "url": "http://www.redhat.com/support/errata/RHSA-2009-1203.html", "source": "secalert@redhat.com" }, { "url": "http://www.securityfocus.com/bid/35983", "source": "secalert@redhat.com" }, { "url": "http://www.securitytracker.com/id?1022697", "source": "secalert@redhat.com" }, { "url": "http://www.ubuntu.com/usn/usn-812-1", "source": "secalert@redhat.com" }, { "url": "http://www.vupen.com/english/advisories/2009/2180", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.vupen.com/english/advisories/2009/3184", "source": "secalert@redhat.com" }, { "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465", "source": "secalert@redhat.com" }, { "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html", "source": "secalert@redhat.com" }, { "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html", "source": "secalert@redhat.com" } ] }