Apache Subversion insecure authentication vulnerability (CVE-2014-3528)

Apache Subversion insecure authentication vulnerability (CVE-2014-3528)

Release date:
Updated on:

Affected Systems:
Apache Group Subversion 1.8.9-2
Apache Group Subversion 1.6.17dfsg-4 + deb7u6
Apache Group Subversion 1.6.17dfsg-4 + deb7u3
Apache Group Subversion 1.6.12dfsg-7
Description:
--------------------------------------------------------------------------------
Bugtraq id: 68995
CVE (CAN) ID: CVE-2014-3528
 
Subversion is an open-source multi-user version control system that supports non-ASCII text and binary data.
 
Apache Subversion has MD5 conflicts when processing cache creden,. Attackers can trick victims into connecting to their Subversion server and then send specially crafted domain strings that can trigger MD5 conflicts, this can cause the Subversion client to send the creden。 of another domain to the attacker's server.
 
<* Source: Bert Huijben

Link: https://bugzilla.redhat.com/show_bug.cgi? CVE-2014-3528
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
 
Apache Group
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
 

Http://svn.apache.org/r1550691
Http://svn.apache.org/r1550772

Subversion configuration instances in Linux

CentOS 6.2 SVN setup (YUM installation)

Build an SVN server using Apache + SVN

Set up and use the SVN server in Windows + reset the password on the client

Install SVN in Ubuntu Server 12.04 and migrate Virtual SVN data

Build svn service and migration method on Ubuntu Server

Build SVN server with online storage

This article permanently updates the link address: