Subversion overwrites arbitrary files

For our campus users of Subversion and TortoiseSVN version control systems it is time to update.  Versions prior to the recently released 1.4.5 version have a bug that allows a directory-traversal attack on a windows system using the "..\" syntax.  This would allow a client user with write access to overwrite arbitrary system files for which he has write access privileges.

For more information see:
http://www.securityfocus.com/bid/25468/info

For the newest versions of Subversion:
http://subversion.tigris.org/

Posted by Douglas Couch on August 30, 2007, in Handlers Log.

Purdue University, 610 Purdue Mall, West Lafayette, IN 47907, (765) 494-4600

© 2016 Purdue University | An equal access/equal opportunity university | Integrity Statement | Copyright Complaints | Maintained by ITaP

Trouble with this page? Disability-related accessibility issue? Please contact ITaP at itap@purdue.edu.

PDF files can be viewed in Adobe Acrobat Reader.