Apache Subversion mod_dav_svn Two Denial of Service Vulnerabilities

Secunia ID	SA44681
CVE-ID	CVE-2011-1752, CVE-2011-1783, CVE-2011-1921
Release Date	02 Jun 2011
Criticality	Moderately Critical
Solution Status	Vendor Patch
Software	Apache Subversion 1.x
Where	From remote
Impact	DoS (Denial of Service) This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.
Description	Two vulnerabilities have been reported in Apache Subversion, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) A NULL pointer dereference error in the mod_dav_svn module when processing baselined resource requests can be exploited to cause a crash. This vulnerability is reported in versions 1.6.16 and prior. 2) An error within the mod_dav_svn module when handling certain path-based access control rules can be exploited to trigger an infinite loop and exhaust memory. This vulnerability is reported in versions 1.5.0 through 1.6.16. NOTE: A weakness in the handling of path-based access control rules, which could result in certain unreadable files and directories becoming readable has also been reported.
Solution	Update to version 1.6.17.
Reported by	1) Reported by the vendor 2) The vendor credits Ivan Zhakov, VisualSVN.
Original Advisory	http://subversion.apache.org/security/CVE-2011-1752-advisory.txt http://subversion.apache.org/security/CVE-2011-1783-advisory.txt http://subversion.apache.org/security/CVE-2011-1921-advisory.txt

© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.