Cyrus SASL Authentication Bypass in Apache Subversion
CVE-2016-2167

6.8MEDIUM

Key Information:

Vendor
Apache
Status
Subversion
Vendor
CVE Published:
5 May 2016

Summary

The canonicalize_username function in Apache Subversion, specifically in the svnserve/cyrus_auth.c file, is susceptible to an authentication bypass vulnerability. This occurs when utilized with Cyrus SASL authentication, allowing remote attackers to circumvent access restrictions by exploiting a realm string that serves as a prefix to the expected repository realm string. Unpatched versions prior to 1.8.16 and the 1.9.x series before 1.9.4 are affected, posing a risk of unauthorized access to sensitive repository areas.

References

http://lists.fedoraproject.org/pipermail/package-announce...
vendor-advisoryx_refsource_FEDORA
http://www.securityfocus.com/bid/89417
vdb-entryx_refsource_BID
http://mail-archives.apache.org/mod_mbox/subversion-annou...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.