CVE-2023-22947
https://notcve.org/view.php?id=CVE-2023-22947
Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt (rather than C:\Program Files) by default. NOTE: the vendor disputes the significance of this report, stating that "We consider the ACLs a best effort thing" and "it was a documentation mistake." Los permisos de carpeta inseguros en la ruta de instalación de Windows de Shibboleth Service Provider (SP) anterior a 3.4.1 permiten a un atacante local sin privilegios escalar privilegios a SYSTEM mediante la instalación de DLL en la carpeta del ejecutable del servicio. Esto ocurre porque la instalación se realiza en C:\opt (en lugar de C:\Program Files) de forma predeterminada. • https://shibboleth.atlassian.net/browse/SSPCPP-961 https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065335545/Install+on+Windows#Restricting-ACLs • CWE-427: Uncontrolled Search Path Element •
CVE-2021-28963
https://notcve.org/view.php?id=CVE-2021-28963
Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters. Shibboleth Service Provider versiones anteriores a 3.2.1, permite una inyección de contenido porque la generación de plantillas usa parámetros controlados por atacantes • https://bugs.debian.org/985405 https://git.shibboleth.net/view/?p=cpp-sp.git%3Ba=commit%3Bh=d1dbebfadc1bdb824fea63843c4c38fa69e54379 https://issues.shibboleth.net/jira/browse/SSPCPP-922 https://shibboleth.net/community/advisories/secadv_20210317.txt https://www.debian.org/security/2021/dsa-4872 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2010-2450
https://notcve.org/view.php?id=CVE-2010-2450
The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default. El script keygen.sh en Shibboleth SP 2.0 (ubicado en /usr/local/etc/shibboleth por defecto) utiliza OpenSSL para crear una clave privada DES que es colocada en el archivo sp-key.pm. Se basa en la umask root (predeterminado 22) en lugar de chmoding del archivo resultante en sí mismo, por lo que la clave privada generada es de tipo world readable por defecto. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=571631 https://security-tracker.debian.org/tracker/CVE-2010-2450 https://todos.internet2.edu/browse/SSPCPP-106 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVE-2017-16852
https://notcve.org/view.php?id=CVE-2017-16852
shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka SSPCPP-763. shibsp/metadata/DynamicMetadataProvider.cpp en el plugin Dynamic MetadataProvider en Shibboleth Service Provider, en versiones anteriores a la 2.6.1, no se configura correctamente con los plugins MetadataFilter y no realiza las verificaciones de seguridad críticas como la verificación de firmas, cumplimiento de los periodos de validez y otras comprobaciones específicas de despliegues. Esta vulnerabilidad también se conoce como SSPCPP-763. • https://bugs.debian.org/881857 https://git.shibboleth.net/view/?p=cpp-sp.git%3Ba=commit%3Bh=b66cceb0e992c351ad5e2c665229ede82f261b16 https://lists.debian.org/debian-lts-announce/2017/11/msg00025.html https://shibboleth.net/community/advisories/secadv_20171115.txt https://www.debian.org/security/2017/dsa-4038 • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2015-2684
https://notcve.org/view.php?id=CVE-2015-2684
Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of service (crash) via a crafted SAML message. Shibboleth Service Provider (SP) anterior a 2.5.4 permite a usuarios remotos autenticados causar una denegación de servicio (caída) a través de un mensaje SAML manipulado. • http://www.debian.org/security/2015/dsa-3207 http://www.securityfocus.com/bid/73314 https://shibboleth.net/community/advisories/secadv_20150319.txt • CWE-20: Improper Input Validation •