subversion-users mailing list archives

From Parrish Knight <>
Subject Re: Subversion upgrade problem
Date Mon, 22 Oct 2012 14:37:45 GMT
On Mon, Oct 22, 2012 at 10:13 AM, Stefan Sperling <> wrote:
> You could check if you can still see a libsvn_delta-1.dll (or similarly
> named file) left over from the old installation.

The only "libsvn" files I find on search are in the Subversion 1.7.7
directory, so that doesn't appear to be the problem.  I'm pretty sure
I already rebooted last week as part of this process, but just in case
my memory is playing tricks on me, I rebooted again this morning and
will do another search in a little while.

>> Are you thinking it might be a false positive?
> Yes, that's possible and probably the first thing to check next.

Our security officer uses the Nessus scanner from Tenable -- .

> Just to make sure I got this right: You're not scanning a Subversion
> server machine, but a Subversion client machine (a laptop), correct?


> To detect the exploit in question it would have to try to remotely crash
> the Subversion client or server using an exploit tailored towards this
> specific vulnerability, crafting a custom svndiff data stream which
> triggers a crash, and then somehow detect remotely whether the client
> or server crashed because of this exploit.
> I doubt a general-purpose scanning tool would have such sophisticated
> exploit-specific checks built-in. So in this case I'd start out assuming
> a false positive unless the opposite is proven.

OK, I'm cc'ing our security officer on this thread to bring him into
the discussion and let him know where we're going.

Parrish S. Knight
NGS Help Desk Lead
301-713-3254 x184
