CVE-2009-2411
Summary
| CVE | CVE-2009-2411 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-08-07 19:30:00 UTC |
| Updated | 2017-09-19 01:29:00 UTC |
| Description | Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412. |
Risk And Classification
Problem Types: CWE-189
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Subversion | Subversion | 0.22.1 | All | All | All |
| Application | Subversion | Subversion | 0.23.0 | All | All | All |
| Application | Subversion | Subversion | 0.24.0 | All | All | All |
| Application | Subversion | Subversion | 0.24.1 | All | All | All |
| Application | Subversion | Subversion | 0.24.2 | All | All | All |
| Application | Subversion | Subversion | 0.25.0 | All | All | All |
| Application | Subversion | Subversion | 0.27.0 | All | All | All |
| Application | Subversion | Subversion | 0.28.0 | All | All | All |
| Application | Subversion | Subversion | 0.28.1 | All | All | All |
| Application | Subversion | Subversion | 0.28.2 | All | All | All |
| Application | Subversion | Subversion | 0.29.0 | All | All | All |
| Application | Subversion | Subversion | 0.30.0 | All | All | All |
| Application | Subversion | Subversion | 0.31.0 | All | All | All |
| Application | Subversion | Subversion | 0.32.0 | All | All | All |
| Application | Subversion | Subversion | 0.32.1 | All | All | All |
| Application | Subversion | Subversion | 0.33.0 | All | All | All |
| Application | Subversion | Subversion | 0.33.1 | All | All | All |
| Application | Subversion | Subversion | 0.34.0 | All | All | All |
| Application | Subversion | Subversion | 0.35.0 | All | All | All |
| Application | Subversion | Subversion | 0.35.1 | All | All | All |
| Application | Subversion | Subversion | 0.36.0 | All | All | All |
| Application | Subversion | Subversion | 0.37.0 | All | All | All |
| Application | Subversion | Subversion | 1.0 | All | All | All |
| Application | Subversion | Subversion | 1.0.0 | All | All | All |
| Application | Subversion | Subversion | 1.0.1 | All | All | All |
| Application | Subversion | Subversion | 1.0.2 | All | All | All |
| Application | Subversion | Subversion | 1.0.3 | All | All | All |
| Application | Subversion | Subversion | 1.0.4 | All | All | All |
| Application | Subversion | Subversion | 1.0.5 | All | All | All |
| Application | Subversion | Subversion | 1.0.6 | All | All | All |
| Application | Subversion | Subversion | 1.0.7 | All | All | All |
| Application | Subversion | Subversion | 1.0.8 | All | All | All |
| Application | Subversion | Subversion | 1.0.9 | All | All | All |
| Application | Subversion | Subversion | 1.1.0 | All | All | All |
| Application | Subversion | Subversion | 1.1.0_rc1 | All | All | All |
| Application | Subversion | Subversion | 1.1.0_rc2 | All | All | All |
| Application | Subversion | Subversion | 1.1.0_rc3 | All | All | All |
| Application | Subversion | Subversion | 1.1.1 | All | All | All |
| Application | Subversion | Subversion | 1.1.2 | All | All | All |
| Application | Subversion | Subversion | 1.1.3 | All | All | All |
| Application | Subversion | Subversion | 1.1.4 | All | All | All |
| Application | Subversion | Subversion | 1.2.0 | All | All | All |
| Application | Subversion | Subversion | 1.2.1 | All | All | All |
| Application | Subversion | Subversion | 1.2.2 | All | All | All |
| Application | Subversion | Subversion | 1.2.3 | All | All | All |
| Application | Subversion | Subversion | 1.3.0 | All | All | All |
| Application | Subversion | Subversion | 1.3.1 | All | All | All |
| Application | Subversion | Subversion | 1.3.2 | All | All | All |
| Application | Subversion | Subversion | 1.4.0 | All | All | All |
| Application | Subversion | Subversion | 1.4.1 | All | All | All |
| Application | Subversion | Subversion | 1.4.2 | All | All | All |
| Application | Subversion | Subversion | 1.4.3 | All | All | All |
| Application | Subversion | Subversion | 1.4.4 | All | All | All |
| Application | Subversion | Subversion | 1.4.5 | All | All | All |
| Application | Subversion | Subversion | 1.5.0 | All | All | All |
| Application | Subversion | Subversion | 1.5.1 | All | All | All |
| Application | Subversion | Subversion | 1.5.3 | All | All | All |
| Application | Subversion | Subversion | 1.5.4 | All | All | All |
| Application | Subversion | Subversion | 1.5.5 | All | All | All |
| Application | Subversion | Subversion | 1.6.0 | All | All | All |
| Application | Subversion | Subversion | 1.6.1 | All | All | All |
| Application | Subversion | Subversion | 1.6.2 | All | All | All |
| Application | Subversion | Subversion | 1.6.3 | All | All | All |
| Application | Subversion | Subversion | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| About Security Update 2009-006 / Mac OS X v10.6.2 | CONFIRM | support.apple.com | |
| rhn.redhat.com \| Red Hat Support | REDHAT | www.redhat.com | |
| Webmail: Professional email solution - OVHcloud - OVH | VUPEN | www.vupen.com | Vendor Advisory |
| Debian -- Security Information -- DSA-1855-1 subversion | DEBIAN | www.debian.org | |
| SecurityTracker.com Archives - Subversion Heap Overflow in libsvn_delta Library Lets Remote Users Execute Arbitrary Code | SECTRACK | www.securitytracker.com | |
| 20090807 Subversion heap overflow | BUGTRAQ | archives.neohapsis.com | |
| Subversion Binary Delta Processing Multiple Integer Overflow Vulnerabilities | BID | www.securityfocus.com | |
| Red Hat update for subversion - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | |
| APPLE-SA-2009-11-09-1 Security Update 2009-006 / Mac OS X v10.6.2 | APPLE | lists.apple.com | |
| Subversion Dev: Patch to 1.4.x branch for CVE-2009-2411 | MLIST | svn.haxx.se | |
| [SECURITY] Fedora 11 Update: subversion-1.6.4-2.fc11 | FEDORA | www.redhat.com | |
| Apache Subversion Source Code | CONFIRM | svn.collab.net | |
| Subversion Binary Delta Parsing Vulnerabilities - Advisories - Community | SECUNIA | secunia.com | Vendor Advisory |
| Apache Subversion Source Code | CONFIRM | svn.collab.net | |
| 56856 | OSVDB | osvdb.org | |
| Subversion Dev: Subversion 1.5.7 Released | MLIST | svn.haxx.se | |
| Debian update for subversion - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | |
| subversion.tigris.org/security/CVE-2009-2411-advisory.txt | CONFIRM | subversion.tigris.org | |
| Fedora update for subversion - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | |
| Ubuntu update for subversion - Advisories - Community | SECUNIA | secunia.com | |
| mandriva.com | MANDRIVA | www.mandriva.com | |
| USN-812-1: Subversion vulnerability \| Ubuntu | UBUNTU | www.ubuntu.com | |
| Subversion Dev: Subversion 1.6.4 Released | MLIST | svn.haxx.se | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| Webmail: Professional email solution - OVHcloud - OVH | VUPEN | www.vupen.com | |
| [SECURITY] Fedora 10 Update: subversion-1.6.4-2.fc10 | FEDORA | www.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.