svn断言失败拒绝服务/读溢出漏洞(CVE

发布日期:2013-07-22
更新日期:2013-07-26

受影响系统:
Subversion Subversion HTTPD servers 1.8.0
Subversion Subversion HTTPD servers 1.7.0 - 1.7.10
描述:
--------------------------------------------------------------------------------
CVE(CAN) ID: CVE-2013-4131

Subversion是一款开源多用户版本控制系统,支持非ASCII文本和二进制数据。

Subversion的mod_dav_svn Apache HTTPD服务器模块对源代码根目录执行某些请求时(例如DELETE HTTP、MOVE HTTP、COPY HTTP)会触发断言,造成拒绝服务。如果断言被禁用,则会触发读溢出,造成段错误或其他不明影响。

<*来源:Daniel Shahaf
 
  链接:
*>

建议:
--------------------------------------------------------------------------------
临时解决方法:

Patches:
========

Patch for Subversion 1.7.x and 1.8.0:
[[[
Index: subversion/mod_dav_svn/repos.c
===================================================================
--- subversion/mod_dav_svn/repos.c    (revision 1503527)
+++ subversion/mod_dav_svn/repos.c    (revision 1503528)
@@ -2408,21 +2408,12 @@
                svn_boolean_t is_urlpath,
                apr_pool_t *pool)
{
-  apr_size_t len;
-  char *tmp = apr_pstrdup(pool, path);
-
-  len = strlen(tmp);
-
-  if (len > 0)
+  if (*path != '\0') /* not an empty string */
    {
-      /* Remove any trailing slash; else svn_path_dirname() asserts. */
-      if (tmp[len-1] == '/')
-        tmp[len-1] = '\0';
-
      if (is_urlpath)
-        return svn_urlpath__dirname(tmp, pool);
+        return svn_urlpath__dirname(path, pool);
      else
-        return svn_fspath__dirname(tmp, pool);
+        return svn_fspath__dirname(path, pool);
    }

return path;
@@ -2458,7 +2449,9 @@
      parent->versioned = 1;
      parent->hooks = resource->hooks;
      parent->pool = resource->pool;
-      parent->uri = get_parent_path(resource->uri, TRUE, resource->pool);
+      parent->uri = get_parent_path(svn_urlpath__canonicalize(resource->uri,
+                                                              resource->pool),
+                                    TRUE, resource->pool);
      parent->info = parentinfo;

parentinfo->uri_path =
]]]

厂商补丁:

Subversion
----------
Subversion已经为此发布了一个安全公告(CVE-2013-4131-advisory)以及相应补丁:
CVE-2013-4131-advisory:CVE-2013-4131-advisory
链接:

补丁下载:

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:http://www.heiqu.com/pfswg.html