APP: Subversion Protocol String Parsing

This signature detects attempts to exploit a known vulnerability in the Subversion (SVN) server. A successful attack allows the attacker to execute arbitrary code within the context of the server.

Extended Description

It is reported that Subversion is prone to a remote integer overrun vulnerability. The issue exists in the svn protocol parser and is due to insufficient bounds checking on svn URI strings transmitted by the client. If the URI string received is long enough, an integer overrun may occur in which the size value of the URI string wraps and is misrepresented. This may result in corruption of heap memory management structures.

Affected Products

Subversion subversion

References

BugTraq: 10519

CVE: CVE-2004-0413

Short Name: APP:SVN-PROTOCOL-STRING-OF

Severity: Major

Recommended: False

Recommended Action: Drop

Category: APP

Keywords: CVE-2004-0413 Parsing Protocol String Subversion bid:10519

Release Date: 07/09/2013

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3336

Port: TCP/3690

False Positive: Unknown

Vendors

Subversion

Openpkg

CVSS Score

10.0
