CVE-2004-0397 – Subversion 1.0.2 - 'svn_time_from_cstring()' Remote Overflow

https://notcve.org/view.php?id=CVE-2004-0397

Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command. Desbordamiento basado en la pila durante la conversión de datos apr_time en Subversion 1.0.2 y anteriores permite a atacantes remotos ejecutar código arbitrairo mediante: (1) una consulta DAV2 REPORT o (2) una orden get-dated-rev svn-protocol • https://www.exploit-db.com/exploits/304 https://www.exploit-db.com/exploits/9935 https://www.exploit-db.com/exploits/16284 http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021737.html http://marc.info/?l=bugtraq&m=108498676517697&w=2 http://secunia.com/advisories/11642 http://secunia.com/advisories/11675 http://security.e-matters.de/advisories/082004.html http://subversion.tigris.org/svn-sscanf-advisory.txt http://www.gentoo.org/security/en/glsa/glsa-2004 •