REDHAT-BUG-667407: Null Pointer Dereference
First published: Wed Jan 05 2011(Updated: )
A NULL pointer dereference flaw was found in the way mod_dav_svn, Apache httpd module for Subversion server, processed certain requests to display collection of Subversion repositories, available on particular host, when listing of repositories (SVNListParentPath directive) was enabled. A remote user could use this flaw to cause denial of service (particular httpd thread crash). References: [1] <a href="http://svn.apache.org/repos/asf/subversion/tags/1.6.15/CHANGES">http://svn.apache.org/repos/asf/subversion/tags/1.6.15/CHANGES</a> Upstream changeset: [2] <a href="http://svn.apache.org/viewvc?view=revision&revision=1033166">http://svn.apache.org/viewvc?view=revision&revision=1033166</a> Public PoC: [3] <a href="http://svn.haxx.se/users/archive-2010-11/0084.shtml">http://svn.haxx.se/users/archive-2010-11/0084.shtml</a> Flaw exploitation note: ----------------------- This flaw to be successfully exploited requires the "SVNListParentPath" directive / listing of repositories to be enabled. This feature is turned off by default in versions of subversion package, as shipped with Red Hat Enterprise Linux 5 and 6, which prevents occurrence / exploitation of this flaw.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache mod_dav_svn | ||
| Apache HTTP Server |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://svn.apache.org/repos/asf/subversion/tags/1.6.15/CHANGES
- http://svn.apache.org/viewvc?view=revision&revision=1033166
- http://svn.haxx.se/users/archive-2010-11/0084.shtml
- https://access.redhat.com/security/cve/CVE-2010-4539
- http://www.openwall.com/lists/oss-security/2011/01/05/4
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=667786
- https://rhn.redhat.com/errata/RHSA-2011-0257.html
- https://rhn.redhat.com/errata/RHSA-2011-0258.html
- https://bugzilla.redhat.com/show_bug.cgi?id=667407
Frequently Asked Questions
What is the severity of REDHAT-BUG-667407?
The severity of REDHAT-BUG-667407 is considered critical due to the potential for remote code execution and denial of service.
How do I fix REDHAT-BUG-667407?
To fix REDHAT-BUG-667407, you should update the Apache mod_dav_svn and Apache HTTP Server to the latest patched version.
Which versions of Apache are affected by REDHAT-BUG-667407?
REDHAT-BUG-667407 affects versions of Apache mod_dav_svn and Apache HTTP Server that have the SVNListParentPath directive enabled.
What causes the vulnerability REDHAT-BUG-667407?
REDHAT-BUG-667407 is caused by a NULL pointer dereference in mod_dav_svn when processing certain requests.
Is there a workaround for REDHAT-BUG-667407?
As a temporary workaround for REDHAT-BUG-667407, you can disable the SVNListParentPath directive if possible.
- collector/redhat-bugzilla
- alias/CVE-2010-4539
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/apache
- canonical/apache mod_dav_svn
- canonical/apache http server