Bug 680755 (CVE-2011-0715)

Summary: CVE-2011-0715 subversion (mod_dav_svn): DoS (NULL ptr deref) by a lock token sent from a not authenticated Subversion client
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: jorton, security-response-team, vkrizan
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-07-29 14:02:33 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 681171, 681172, 681173, 681174, 683198, 812249, 893082    
Bug Blocks:    

Description Jan Lieskovsky 2011-02-27 15:01:38 UTC 
A NULL pointer dereference flaw was found in the way mod_dav_svn,
Apache httpd module for Subversion server, processed requests to
lock working copy paths in the repository, when particular Subversion
client, requesting the lock, was not previously authenticated to 
the Subversion server. A remote attacker could use this flaw
to cause a denial of service (crash of particular httpd thread,
serving the request).

Acknowledgements:

Red Hat would like to thank Hyrum Wright of the Apache Subversion project
for reporting this issue. Upstream acknowledges Philip Martin, WANdisco, Inc. as the original reporter.
Comment 1 Jan Lieskovsky 2011-02-27 15:06:02 UTC 
This issue did NOT affect the version of the subversion package,
as shipped with Red Hat Enterprise Linux 4, as it did not include
the lock working copy paths feature.

This issue affects the versions of the subversion package, as shipped
with Red Hat Enterprise Linux 5 and 6.

--

This issue affects the versions of the subversion package, as shipped
with Fedora release of 13 and 14.
Comment 7 Vincent Danen 2011-03-03 20:33:25 UTC 
This issue is now public:

http://subversion.apache.org/security/CVE-2011-0715-advisory.txt
Comment 8 errata-xmlrpc 2011-03-08 17:43:13 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2011:0327 https://rhn.redhat.com/errata/RHSA-2011-0327.html
Comment 9 errata-xmlrpc 2011-03-08 17:58:41 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:0328 https://rhn.redhat.com/errata/RHSA-2011-0328.html
Comment 10 Vincent Danen 2011-03-08 19:58:07 UTC 
Created subversion tracking bugs for this issue

Affects: fedora-all [bug 683198]