929090 – (CVE-2013-1847) CVE-2013-1847 Subversion (mod_dav_svn): DoS (crash) via LOCK requests against a non-existent URL

Bug 929090 (CVE-2013-1847) - CVE-2013-1847 Subversion (mod_dav_svn): DoS (crash) via LOCK requests against a non-existent URL

Summary: CVE-2013-1847 Subversion (mod_dav_svn): DoS (crash) via LOCK requests against...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2013-1847
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	947369 947370 947372 947374 948813
Blocks:	929099
TreeView+	depends on / blocked

Reported:	2013-03-29 08:51 UTC by Huzaifa S. Sidhpurwala
Modified:	2023-05-11 22:19 UTC (History)
CC List:	4 users (show)
Fixed In Version:	Subversion 1.6.21, Subversion 1.7.9
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-11-18 13:13:49 UTC
Embargoed:

Attachments	(Terms of Use)
patch-against-1.6.20 (2.19 KB, patch) 2013-03-29 08:52 UTC, Huzaifa S. Sidhpurwala	no flags	Details \| Diff
patch-against-1.7.8 (2.22 KB, patch) 2013-03-29 08:52 UTC, Huzaifa S. Sidhpurwala	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2013:0737	0	normal	SHIPPED_LIVE	Moderate: subversion security update	2013-04-11 21:47:11 UTC

Description Huzaifa S. Sidhpurwala 2013-03-29 08:51:01 UTC

It was found that Subversion's mod_dav_svn Apache HTTPD server module will crash in some circumstances when a LOCK request is made against a non-existent URL. This can lead to DoS.

The vulnerability can be triggered by doing a LOCK request against a URL for a path that does not exist in the repository or an invalid activity URL where authentication is not required for the LOCK method.

Acknowledgements:

Red Hat would like to thank the Apache Subversion project for reporting this issue. Upstream acknowledges Philip Martin and Ben Reser as the original reporter of this flaw.

Comment 1 Huzaifa S. Sidhpurwala 2013-03-29 08:52:06 UTC

Created attachment 717972 [details]
patch-against-1.6.20

Comment 2 Huzaifa S. Sidhpurwala 2013-03-29 08:52:30 UTC

Created attachment 717973 [details]
patch-against-1.7.8

Comment 5 Huzaifa S. Sidhpurwala 2013-04-04 09:09:21 UTC

This issue affects the version of subversion as shipped with Red Hat Enterprise Linux 5 and 6.

This issue affects the version of subversion as shipped with Fedora 17 and Fedora 18.

Comment 6 Jan Lieskovsky 2013-04-05 12:47:37 UTC

External References:

http://subversion.apache.org/security/CVE-2013-1847-advisory.txt

Comment 7 Jan Lieskovsky 2013-04-05 12:48:04 UTC

Announcements:
http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvRoyVrZV12tgC0FMGrc6%2BMisd3qTcZ%2BDdpFGgTahkgAkQ%40mail.gmail.com%3E (v1.7.9)

http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvSTMLbn4q_KM3Ph2UOeSiPGhEK4%3DSvwEjaHW_GUGkYWPQ%40mail.gmail.com%3E (v1.6.21)

Comment 8 Jan Lieskovsky 2013-04-05 12:59:24 UTC

Created subversion tracking bugs for this issue

Affects: fedora-all [bug 948813]

Comment 10 errata-xmlrpc 2013-04-11 17:49:23 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 5

Via RHSA-2013:0737 https://rhn.redhat.com/errata/RHSA-2013-0737.html

Note You need to log in before you can comment on or make changes to this bug.