Summary: | <dev-vcs/subversion-1.14.1: DoS in mod_authz_svn (CVE-2020-17525) | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | minor | CC: | dilfridge, zlogene
Priority: | Normal | Flags: | nattka: sanity-check+
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | https://subversion.apache.org/security/CVE-2020-17525-advisory.txt | |
Whiteboard: | C3 [noglsa cve] | |
Package list: | dev-vcs/subversion-1.14.1 | |
Runtime testing required: | --- | |
Bug Depends on: | 778455 | |
Bug Blocks: | | |

Description
Thomas Deutschmann (RETIRED)
2021-01-29 23:28:50 UTC
CVE-2020-17525:

A null-pointer-dereference has been found in mod_authz_svn that results in a remote unauthenticated Denial-of-Service in some server configurations.

The vulnerability can be triggered by an unauthenticated user if the Apache HTTPD server is configured to use an in-repository authz file, with configuration directives such as:

    AuthzSVNAccessFile "^/authz"
    AuthzSVNReposRelativeAccessFile "^/authz"

The problem originates when sending a GET request to a non-existent repository. The mod_authz_svn module will attempt to find authz rules at a path within the requested SVN repository. Upon constructing this path, the function svn_repos_find_root_path will return a NULL pointer since the requested repository does not exist on-disk. A check for this legitimate NULL pointer condition is missing, which results in a segmentation fault when the NULL pointer is used.

The in-repository authz feature was first introduced in Subversion 1.8: https://subversion.apache.org/docs/release-notes/1.8.html#in-repo-authz

The missing NULL check was first introduced during refactoring of the authz code during development work leading up to Subversion 1.9. Subversion 1.8 servers are unaffected.

Fixed in 1.14.1.

Please bump

Please proceed with stabilization when ready.

Let's go.

sparc done

arm done

arm64 done

ppc64 done

Hitting bug 740464 on ppc.

amd64 done

x86 done

ppc done

all arches done

Please cleanup.

No glsa here.
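
An added example, not part of the bug report or of Subversion's own code: a small scanner that flags the trigger condition named in the description, an `AuthzSVNAccessFile` or `AuthzSVNReposRelativeAccessFile` directive whose value starts with `^/`. The function name, the sample configuration and the choice to flag only the `^/` form are assumptions of this example.

```python
import shlex
import sys

# Directives quoted in the description; httpd directive names are case-insensitive.
DIRECTIVES = {"authzsvnaccessfile", "authzsvnreposrelativeaccessfile"}

# Constructed sample configuration (not from a real server).
SAMPLE_CONF = """
# constructed sample
<Location /svn>
    DAV svn
    SVNParentPath /var/svn
    AuthzSVNReposRelativeAccessFile "^/authz"
</Location>
<Location /code>
    DAV svn
    SVNPath /var/svn/code
    AuthzSVNAccessFile /etc/svn/authz
</Location>
<Location /legacy>
    DAV svn
    SVNParentPath /var/legacy
    # AuthzSVNAccessFile "^/authz"
    authzsvnaccessfile ^/conf/authz
</Location>
"""

def find_in_repo_authz(conf_text, source="<inline>"):
    """Return (source, line, directive, value) for each in-repository authz file setting."""
    findings, pending, start = [], "", 0
    for no, raw in enumerate(conf_text.splitlines(), 1):
        if not pending:
            start = no                      # first physical line of this logical line
        line = pending + raw.strip()
        if line.endswith("\\"):             # httpd joins backslash-continued lines
            pending = line[:-1] + " "
            continue
        pending = ""
        if not line or line[0] in "#<":     # skip blanks, comments, section tags
            continue
        try:
            tokens = shlex.split(line)
        except ValueError:                  # unbalanced quote: fall back to plain split
            tokens = [t.strip("\"'") for t in line.split()]
        if len(tokens) >= 2 and tokens[0].lower() in DIRECTIVES and tokens[1].startswith("^/"):
            findings.append((source, start, tokens[0], tokens[1]))
    return findings

if __name__ == "__main__":
    texts = [(p, open(p).read()) for p in sys.argv[1:]] or [("sample", SAMPLE_CONF)]
    for src, text in texts:
        for hit in find_in_repo_authz(text, src):
            print("%s:%d: %s %s (in-repository authz file)" % hit)
```

Included files are not followed, so pass each httpd configuration file on the command line; with no arguments the script scans the constructed sample.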