| Subversion versions up to and including 1.0.5 have a bug in |
| mod_authz_svn that allows users with write access to read |
| portions of the repository that they do not have read access |
| to. Subversion 1.0.6 and newer (including 1.1.0-rc1) are not |
| vulnerable to this issue. |
| |
| Details: |
| ======== |
| |
| mod_authz_svn would allow a user to copy portions of a repo to which |
| they did not have read permissions to portions that they did have |
| read permissions on, thereby evading the read restrictions. |
| |
| Severity: |
| ========= |
| |
| This is a low risk issue. Only sites running mod_authz_svn (an |
| Apache module) that are trying to restrict some of their users |
| with write access to a repo from reading part of that repo are |
| vulnerable. |
| |
| Most installations will not fall into this category. |
| Additionally, any attempt to use such a vulnerability will be |
| apparent as the copy will be versioned. Plus, it's doubtful |
| any site would permit public write access to its repository |
| so this issue should not be accessible by unauthenticated users. |
| |
| This vulnerability does not affect users running svnserve. |
| |
| Workarounds: |
| ============ |
| |
| * Disable DAV and use svnserve. |
| |
| * Separate content into different repos. |
| |
| * Disable the COPY method via Apache configuration. Note this will |
| disallow all copies. |
| |
| Recommendations: |
| ================ |
| |
| We recommend all users upgrade to 1.0.6 or 1.1.0-rc1. |
