Metasploit Framework Exploit

Subversion Date Svnserve

This is an exploit for the Subversion date parsing overflow. This exploit is for the svnserve daemon (svn:// protocol) and will not work for Subversion over webdav (http[s]://). This exploit should never crash the daemon, and should be safe to do multi-hits.

**WARNING** This exploit seems to (not very often, I've only seen it during testing) corrupt the subversion database, so be careful!

This module (revision 4571) was provided by spoonm, under the Metasploit Framework License.

External references:

• http://www.osvdb.org/6301
• http://www.securityfocus.com/bid/10386
• http://lists.netsys.com/pipermail/full-disclosure/2004-May/021737.html
• http://milw0rm.com/metasploit/68

Targets:

• Linux Bruteforce
• FreeBSD Bruteforce