CVE-2004-0397 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2004-0397
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2004-0397

Description: Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/16191 SAID Secunia Advisory: SA11675 Secunia Advisory: SA11642 OSVDB 6301 MISC http://security.e-matters.de/advisories/082004.html GENTOO http://www.gentoo.org/security/en/glsa/glsa-200405-14.xml FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021737.html FEDORA http://www.linuxsecurity.com/advisories/fedora_advisory-4373.html CONFIRM http://subversion.tigris.org/svn-sscanf-advisory.txt BUGTRAQ http://www.securityfocus.com/archive/1/363814 http://marc.theaimsgroup.com/?l=bugtraq&m=108498676517697&w=2 BID 10386

Return to the previous page.