Red Hat Bugzilla – Bug 970027
CVE-2013-2088 subversion: Improper sanitization of arguments of certain hook scripts might lead to arbitrary code execution
Last modified: 2013-06-04 04:43:49 EDT
A security flaw was found in the way Subversion, a concurrent version control system, sanitized content of arguments passed to 'check-mime-type.pl' and 'svn-keyword-check.pl' hook scripts. A remote, authenticated attacker could provide a specially-crafted filename that if inspected by some of the aforementioned two scripts, would lead to arbitrary code execution with the privileges of the user running Subversion client.
Created subversion tracking bugs for this issue
Affects: fedora-all [bug 970043]
This security flaw exists in the 'check-mime-type.pl' and 'svn-keyword-check.pl' contrib scripts of subversion. The version of subversion shipped with Red Hat Enterprise Linux 5 and 6 does not ship these scripts.
Not Vulnerable. This issue does not affect the version of subversion as shipped with Red Hat Enterprise Linux 5 and 6.
This issue does not affect the version of subversion as shipped with Fedora 17 and Fedora 18.