Login   |   Secure Purdue > News

Subversion overwrites arbitrary files

For our campus users of Subversion and TortoiseSVN version control systems it is time to update.  Versions prior to the recently released 1.4.5 version have a bug that allows a directory-traversal attack on a windows system using the "..\" syntax.  This would allow a client user with write access to overwrite arbitrary system files for which he has write access privileges.

For more information see:
http://www.securityfocus.com/bid/25468/info

For the newest versions of Subversion:
http://subversion.tigris.org/

Posted by Douglas Couch on August 30, 2007, in Handlers Log.