CVE-2009-2411

Name of the Vulnerable Software and Affected Versions subversion versions prior to 1.6.4 subversion-devel versions 1.4.2 subversion-javahl versions 1.4.2 subversion-perl versions 1.4.2 subversion-ruby versions 1.4.2 viewcvs (affected versions not specified) cvs2svn (affected versions not specified)

Description The issue allows remote authenticated users to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation can be carried out remotely by an attacker who has passed the authentication procedure.

Recommendations For subversion versions prior to 1.6.4, update to version 1.6.4 or later. For subversion-devel version 1.4.2, update to a version later than 1.4.2. For subversion-javahl version 1.4.2, update to a version later than 1.4.2. For subversion-perl version 1.4.2, update to a version later than 1.4.2. For subversion-ruby version 1.4.2, update to a version later than 1.4.2. For viewcvs and cvs2svn, at the moment, there is no information about a newer version that contains a fix for this vulnerability.