Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS-2016-710

Related Vulnerabilities: CVE-2016-2167   CVE-2016-2168  

The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string. (CVE-2016-2167) The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check. (CVE-2016-2168)

Source

ALAS-2016-710

Amazon Linux AMI Security Advisory: ALAS-2016-710
Advisory Release Date: 2016-06-02 18:09 Pacific
Advisory Updated Date: 2016-06-03 19:46 Pacific
Severity: Medium
Issue Overview:

The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string. (CVE-2016-2167)

The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check. (CVE-2016-2168)


Affected Packages:

mod_dav_svn


Issue Correction:
Run yum update mod_dav_svn to update your system.

New Packages:
i686:
    mod_dav_svn-debuginfo-1.9.4-2.52.amzn1.i686
    mod_dav_svn-1.9.4-2.52.amzn1.i686

src:
    mod_dav_svn-1.9.4-2.52.amzn1.src

x86_64:
    mod_dav_svn-1.9.4-2.52.amzn1.x86_64
    mod_dav_svn-debuginfo-1.9.4-2.52.amzn1.x86_64

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started