发布日期:2013-07-22
更新日期:2013-07-26
受影响系统:
Subversion Subversion HTTPD servers 1.8.0
Subversion Subversion HTTPD servers 1.7.0 - 1.7.10
描述:
--------------------------------------------------------------------------------
CVE(CAN) ID: CVE-2013-4131
Subversion是一款开源多用户版本控制系统,支持非ASCII文本和二进制数据。
Subversion的mod_dav_svn Apache HTTPD服务器模块对源代码根目录执行某些请求时(例如DELETE HTTP、MOVE HTTP、COPY HTTP)会触发断言,造成拒绝服务。如果断言被禁用,则会触发读溢出,造成段错误或其他不明影响。
建议:
--------------------------------------------------------------------------------
临时解决方法:
Patches:
========
Patch for Subversion 1.7.x and 1.8.0:
[[[
Index: subversion/mod_dav_svn/repos.c
===================================================================
--- subversion/mod_dav_svn/repos.c (revision 1503527)
+++ subversion/mod_dav_svn/repos.c (revision 1503528)
@@ -2408,21 +2408,12 @@
svn_boolean_t is_urlpath,
apr_pool_t *pool)
{
- apr_size_t len;
- char *tmp = apr_pstrdup(pool, path);
-
- len = strlen(tmp);
-
- if (len > 0)
+ if (*path != '\0') /* not an empty string */
{
- /* Remove any trailing slash; else svn_path_dirname() asserts. */
- if (tmp[len-1] == '/')
- tmp[len-1] = '\0';
-
if (is_urlpath)
- return svn_urlpath__dirname(tmp, pool);
+ return svn_urlpath__dirname(path, pool);
else
- return svn_fspath__dirname(tmp, pool);
+ return svn_fspath__dirname(path, pool);
}
return path;
@@ -2458,7 +2449,9 @@
parent->versioned = 1;
parent->hooks = resource->hooks;
parent->pool = resource->pool;
- parent->uri = get_parent_path(resource->uri, TRUE, resource->pool);
+ parent->uri = get_parent_path(svn_urlpath__canonicalize(resource->uri,
+ resource->pool),
+ TRUE, resource->pool);
parent->info = parentinfo;
parentinfo->uri_path =
]]]
厂商补丁:
Subversion
----------
Subversion已经为此发布了一个安全公告(CVE-2013-4131-advisory)以及相应补丁:
CVE-2013-4131-advisory:CVE-2013-4131-advisory
链接: