Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2016-2167

The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.

See the

CVE page on Mitre.org for more details.

References

MLIST: [subversion-announce] ...
MLIST: [subversion-announce] ...
CONFIRM: http://subversion.apac...
DEBIAN: DSA-3561
SECTRACK: 1035706
BID: 89417
FEDORA: FEDORA-2016-20cc04ac50
SUSE: openSUSE-SU-2016:1263
SUSE: openSUSE-SU-2016:1264
SLACKWARE: SSA:2016-121-01
GENTOO: GLSA-201610-05
MISC: https://www.oracle.com...

Launchpad.net

CVE 2016-2167

Related bugs

References