WebSVN: Multiple vulnerabilities

Security Team Contact Address

Updated March 09, 2009

1. Gentoo Linux Security Advisory

Advisory Reference	GLSA 200903-20 / websvn
Release Date	March 09, 2009
Latest Revision	March 09, 2009: 01
Impact	normal
Exploitable	remote

Package	Vulnerable versions	Unaffected versions	Architecture(s)
www-apps/websvn	< 2.1.0	>= 2.1.0	All supported architectures

Related bugreports: #243852

Synopsis

Multiple vulnerabilities in WebSVN allow for file overwrite and information disclosure.

2. Impact Information

Background

WebSVN is a web-based browsing tool for Subversion repositories written in PHP.

Description

James Bercegay of GulfTech Security reported a Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl() function in index.php (CVE-2008-5918) and a directory traversal vulnerability in rss.php when magic_quotes_gpc is disabled (CVE-2008-5919).
Bas van Schaik reported that listing.php does not properly enforce access restrictions when using an SVN authz file to authenticate users (CVE-2009-0240).

Impact

A remote attacker can exploit these vulnerabilities to overwrite arbitrary files, to read changelogs or diffs for restricted projects and to hijack a user's session.

3. Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All WebSVN users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/websvn-2.1.0"

4. References