Upstream information

CVE-2007-2448 at MITRE

Description

Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit.

SUSE information

Overall state of this security issue: Resolved

This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.

CVSS v2 Scores
  National Vulnerability Database
Base Score 2.1
Vector AV:N/AC:H/Au:S/C:P/I:N/A:N
Access Vector Network
Access Complexity High
Authentication Single
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None
SUSE Bugzilla entry: 283761 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4
  • subversion >= 1.6.17-1.33.1
  • subversion-devel >= 1.6.17-1.33.1
  • subversion-perl >= 1.6.17-1.33.1
  • subversion-python >= 1.6.17-1.33.1
  • subversion-server >= 1.6.17-1.33.1
  • subversion-tools >= 1.6.17-1.33.1
 Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA subversion-1.6.17-1.33.1
openSUSE Tumbleweed
  • libsvn_auth_gnome_keyring-1-0 >= 1.14.1-1.11
  • libsvn_auth_kwallet-1-0 >= 1.14.1-1.11
  • subversion >= 1.14.1-1.11
  • subversion-bash-completion >= 1.14.1-1.11
  • subversion-devel >= 1.14.1-1.11
  • subversion-perl >= 1.14.1-1.11
  • subversion-python >= 1.14.1-1.11
  • subversion-ruby >= 1.14.1-1.11
  • subversion-server >= 1.14.1-1.11
  • subversion-tools >= 1.14.1-1.11
 Patchnames:
openSUSE Tumbleweed GA libsvn_auth_gnome_keyring-1-0-1.14.1-1.11

SUSE Timeline for this CVE

CVE page created: Fri Jun 28 03:26:26 2013
CVE page last modified: Sun Jul 2 11:19:43 2023