FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

devel/subversion -- contrib hook-scripts can allow arbitrary code execution

Affected packages
1.7.0 <= subversion < 1.7.10
1.2.0 <= subversion < 1.6.23

Details

VuXML ID 6d0bf320-ca39-11e2-9673-001e8c75030d
Discovery 2013-05-31
Entry 2013-05-31

Subversion team reports:

The script contrib/hook-scripts/check-mime-type.pl does not escape argv arguments to 'svnlook' that start with a hyphen. This could be used to cause 'svnlook', and hence check-mime-type.pl, to error out.

The script contrib/hook-scripts/svn-keyword-check.pl parses filenames from the output of 'svnlook changed' and passes them to a further shell command (equivalent to the 'system()' call of the C standard library) without escaping them. This could be used to run arbitrary shell commands in the context of the user whom the pre-commit script runs as (the user who owns the repository).

References

CVE Name CVE-2013-2088