Subversion overwrites arbitrary files
The Subversion and TortoiseSVN version control systems contain a vulnerability that can be exploited by attackers to create or overwrite arbitrary files on client systems. A new version has been released to fix this bug.
Neither Subversion nor TortoiseSVN checks file names for backslashes when files are committed to the repository, so on Windows systems, where the backslash is a path separator, a file name containing "..\" can be used for a directory traversal attack. With write access to the SVN repository, an attacker could overwrite any file for which the client user has write privileges.
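The following added example (not code from the Subversion or TortoiseSVN projects) shows why the missing check matters only on Windows, and what a client-side validation of repository paths looks like. Python's `ntpath` and `posixpath` modules are used to emulate Windows and Unix path handling respectively; the working-copy roots and file names are constructed for the example.

```python
import ntpath
import posixpath
from typing import Optional


def naive_resolve(wc_root: str, repo_path: str, pathmod=ntpath) -> str:
    """Join a repository-relative path onto the working copy root with no validation.

    This mirrors the unchecked behaviour described above: repository paths use '/'
    as separator, but once the components reach the OS path layer, Windows also
    treats '\\' as a separator, so '..\\' inside a single component walks upwards.
    """
    components = repo_path.split("/")
    return pathmod.normpath(pathmod.join(wc_root, *components))


def is_safe_repo_path(repo_path: str) -> bool:
    """Reject repository paths that could escape the working copy on any platform."""
    if not repo_path or repo_path.startswith("/"):
        return False
    for comp in repo_path.split("/"):
        # Empty, '.' and '..' components are never legitimate in a versioned path.
        if comp in ("", ".", ".."):
            return False
        # Backslash, drive colon and NUL are rejected regardless of host OS, so a
        # repository populated from a Unix client cannot harm Windows clients later.
        if "\\" in comp or ":" in comp or "\0" in comp:
            return False
    return True


def resolve_in_working_copy(wc_root: str, repo_path: str, pathmod=ntpath) -> Optional[str]:
    """Validate, join, and confirm the result still lies inside wc_root.

    Returns the resolved path, or None if the repository path is rejected.
    The containment check is a second line of defence behind is_safe_repo_path.
    """
    if not is_safe_repo_path(repo_path):
        return None
    root = pathmod.normpath(wc_root)
    joined = pathmod.normpath(pathmod.join(root, *repo_path.split("/")))
    if pathmod.commonpath([root, joined]) != root:
        return None
    return joined


if __name__ == "__main__":
    # Constructed malicious file name as it would be stored in the repository.
    bad = "trunk/..\\..\\Windows\\evil.exe"
    print("Windows, unchecked:", naive_resolve(r"C:\wc", bad, ntpath))
    print("Unix, unchecked:   ", naive_resolve("/home/u/wc", bad, posixpath))
    print("Windows, validated:", resolve_in_working_copy(r"C:\wc", bad, ntpath))
    print("Normal file:       ", resolve_in_working_copy(r"C:\wc", "trunk/src/main.c", ntpath))
```

On the emulated Windows path layer the unchecked join lands in `C:\Windows\evil.exe`, while the same name on Unix remains a harmless file inside the working copy, which is why the advisory singles out Windows users. The validated resolver rejects the name outright.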
This vulnerability affects Subversion 1.4.4 and TortoiseSVN 1.4.4; earlier versions of both products are also affected. The developers have made version 1.4.5 available for download. Windows users in particular are strongly advised to install the update as soon as possible.
- Subversion 1.4.5 released (Win32 security release), announcement of the new program version and bug report
- Download of TortoiseSVN
- Download of Subversion