Lasso is a library that implements the Liberty Alliance Single Sign On standards, including the SAML and SAML2 specifications. It allows to handle the whole life-cycle of SAML based Federations, and provides bindings for multiple languages.
{"ubuntucve": [{"lastseen": "2022-01-31T11:31:21", "description": "Lasso all versions prior to 2.7.0 has improper verification of a\ncryptographic signature.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-06-01T00:00:00", "type": "ubuntucve", "title": "CVE-2021-28091", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28091"], "modified": "2021-06-01T00:00:00", "id": "UB:CVE-2021-28091", "href": "https://ubuntu.com/security/CVE-2021-28091", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2022-05-10T13:06:55", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has lasso packages installed that are affected by a vulnerability:\n\n - Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. (CVE-2021-28091)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2022-05-09T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : lasso Vulnerability (NS-SA-2022-0046)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28091"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:lasso", "p-cpe:/a:zte:cgsl_core:lasso-debuginfo", "p-cpe:/a:zte:cgsl_core:lasso-devel", "p-cpe:/a:zte:cgsl_core:lasso-python", "p-cpe:/a:zte:cgsl_main:lasso", "p-cpe:/a:zte:cgsl_main:lasso-debuginfo", "p-cpe:/a:zte:cgsl_main:lasso-devel", "p-cpe:/a:zte:cgsl_main:lasso-python", "cpe:/o:zte:cgsl_core:5", "cpe:/o:zte:cgsl_main:5"], "id": "NEWSTART_CGSL_NS-SA-2022-0046_LASSO.NASL", "href": "https://www.tenable.com/plugins/nessus/160822", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0046. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160822);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\"CVE-2021-28091\");\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : lasso Vulnerability (NS-SA-2022-0046)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has lasso packages installed that are affected by\na vulnerability:\n\n - Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. (CVE-2021-28091)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0046\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-28091\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL lasso packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28091\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:lasso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:lasso-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:lasso-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:lasso-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:lasso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:lasso-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:lasso-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:lasso-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.05': [\n 'lasso-2.5.1-8.el7_9',\n 'lasso-debuginfo-2.5.1-8.el7_9',\n 'lasso-devel-2.5.1-8.el7_9',\n 'lasso-python-2.5.1-8.el7_9'\n ],\n 'CGSL MAIN 5.05': [\n 'lasso-2.5.1-8.el7_9',\n 'lasso-debuginfo-2.5.1-8.el7_9',\n 'lasso-devel-2.5.1-8.el7_9',\n 'lasso-python-2.5.1-8.el7_9'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lasso');\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-01-08T12:24:46", "description": "The version of lasso installed on the remote host is prior to 2.5.1-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1660 advisory.\n\n - Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. (CVE-2021-28091)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2021-06-23T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : lasso (ALAS-2021-1660)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28091"], "modified": "2021-06-23T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:lasso", "p-cpe:/a:amazon:linux:lasso-debuginfo", "p-cpe:/a:amazon:linux:lasso-devel", "p-cpe:/a:amazon:linux:lasso-python", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2021-1660.NASL", "href": "https://www.tenable.com/plugins/nessus/150964", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2021-1660.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150964);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/23\");\n\n script_cve_id(\"CVE-2021-28091\");\n script_xref(name:\"ALAS\", value:\"2021-1660\");\n\n script_name(english:\"Amazon Linux 2 : lasso (ALAS-2021-1660)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of lasso installed on the remote host is prior to 2.5.1-5. It is, therefore, affected by a vulnerability as\nreferenced in the ALAS2-2021-1660 advisory.\n\n - Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. (CVE-2021-28091)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2021-1660.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28091\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update lasso' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28091\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lasso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lasso-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lasso-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lasso-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'lasso-2.5.1-5.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-2.5.1-5.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-2.5.1-5.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-debuginfo-2.5.1-5.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-debuginfo-2.5.1-5.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-debuginfo-2.5.1-5.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-devel-2.5.1-5.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-devel-2.5.1-5.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-devel-2.5.1-5.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-python-2.5.1-5.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-python-2.5.1-5.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-python-2.5.1-5.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lasso / lasso-debuginfo / lasso-devel / etc\");\n}", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-02-14T23:34:20", "description": "The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4325 advisory.\n\n - Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. (CVE-2021-28091)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : lasso (RLSA-2021:4325)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28091"], "modified": "2022-02-14T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:lasso", "p-cpe:/a:rocky:linux:lasso-debuginfo", "p-cpe:/a:rocky:linux:lasso-debugsource", "p-cpe:/a:rocky:linux:lasso-devel", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2021-4325.NASL", "href": "https://www.tenable.com/plugins/nessus/157761", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2021:4325.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157761);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/14\");\n\n script_cve_id(\"CVE-2021-28091\");\n script_xref(name:\"RLSA\", value:\"2021:4325\");\n\n script_name(english:\"Rocky Linux 8 : lasso (RLSA-2021:4325)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nRLSA-2021:4325 advisory.\n\n - Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. (CVE-2021-28091)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2021:4325\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1829785\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1940089\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28091\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:lasso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:lasso-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:lasso-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:lasso-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RockyLinux/release');\nif (isnull(release) || 'Rocky Linux' >!< release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar pkgs = [\n {'reference':'lasso-2.6.0-12.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-2.6.0-12.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-2.6.0-12.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-debuginfo-2.6.0-12.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-debuginfo-2.6.0-12.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-debuginfo-2.6.0-12.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-debugsource-2.6.0-12.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-debugsource-2.6.0-12.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-debugsource-2.6.0-12.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-devel-2.6.0-12.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-devel-2.6.0-12.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-devel-2.6.0-12.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lasso / lasso-debuginfo / lasso-debugsource / lasso-devel');\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-01-31T23:49:02", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:4325 advisory.\n\n - lasso: XML signature wrapping vulnerability when parsing SAML responses (CVE-2021-28091)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "RHEL 8 : lasso (RHSA-2021:4325)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28091"], "modified": "2021-11-11T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:lasso", "p-cpe:/a:redhat:enterprise_linux:lasso-devel"], "id": "REDHAT-RHSA-2021-4325.NASL", "href": "https://www.tenable.com/plugins/nessus/155072", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:4325. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155072);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/11\");\n\n script_cve_id(\"CVE-2021-28091\");\n script_xref(name:\"RHSA\", value:\"2021:4325\");\n\n script_name(english:\"RHEL 8 : lasso (RHSA-2021:4325)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2021:4325 advisory.\n\n - lasso: XML signature wrapping vulnerability when parsing SAML responses (CVE-2021-28091)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/345.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/347.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4325\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1940089\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected lasso and / or lasso-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28091\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(345, 347);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:lasso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:lasso-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ],\n 'enterprise_linux_8_baseos': [\n 'rhel-8-for-aarch64-baseos-debug-rpms',\n 'rhel-8-for-aarch64-baseos-rpms',\n 'rhel-8-for-aarch64-baseos-source-rpms',\n 'rhel-8-for-s390x-baseos-debug-rpms',\n 'rhel-8-for-s390x-baseos-rpms',\n 'rhel-8-for-s390x-baseos-source-rpms',\n 'rhel-8-for-x86_64-baseos-debug-rpms',\n 'rhel-8-for-x86_64-baseos-rpms',\n 'rhel-8-for-x86_64-baseos-source-rpms'\n ],\n 'enterprise_linux_8_crb': [\n 'codeready-builder-for-rhel-8-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-rpms',\n 'codeready-builder-for-rhel-8-aarch64-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-rpms',\n 'codeready-builder-for-rhel-8-s390x-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-rpms',\n 'codeready-builder-for-rhel-8-x86_64-source-rpms'\n ],\n 'enterprise_linux_8_highavailability': [\n 'rhel-8-for-aarch64-highavailability-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-rpms',\n 'rhel-8-for-aarch64-highavailability-source-rpms',\n 'rhel-8-for-s390x-highavailability-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-rpms',\n 'rhel-8-for-s390x-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-rpms',\n 'rhel-8-for-x86_64-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'enterprise_linux_8_nfv': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'enterprise_linux_8_realtime': [\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'enterprise_linux_8_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-rpms',\n 'rhel-8-for-s390x-resilientstorage-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-rpms',\n 'rhel-8-for-x86_64-resilientstorage-source-rpms'\n ],\n 'enterprise_linux_8_sap': [\n 'rhel-8-for-s390x-sap-netweaver-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-rpms',\n 'rhel-8-for-s390x-sap-netweaver-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-source-rpms'\n ],\n 'enterprise_linux_8_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-rpms',\n 'rhel-8-for-x86_64-sap-solutions-source-rpms'\n ],\n 'enterprise_linux_8_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-rpms',\n 'rhel-8-for-aarch64-supplementary-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-rpms',\n 'rhel-8-for-s390x-supplementary-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-rpms',\n 'rhel-8-for-x86_64-supplementary-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'lasso-2.6.0-12.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'lasso-2.6.0-12.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'lasso-2.6.0-12.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'lasso-2.6.0-12.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'lasso-devel-2.6.0-12.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'lasso-devel-2.6.0-12.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'lasso-devel-2.6.0-12.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'lasso-devel-2.6.0-12.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lasso / lasso-devel');\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-01-30T23:48:13", "description": "The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:4325 advisory.\n\n - lasso: XML signature wrapping vulnerability when parsing SAML responses (CVE-2021-28091)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "CentOS 8 : lasso (CESA-2021:4325)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28091"], "modified": "2021-11-11T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:lasso", "p-cpe:/a:centos:centos:lasso-devel"], "id": "CENTOS8_RHSA-2021-4325.NASL", "href": "https://www.tenable.com/plugins/nessus/155028", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:4325. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155028);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/11\");\n\n script_cve_id(\"CVE-2021-28091\");\n script_xref(name:\"RHSA\", value:\"2021:4325\");\n\n script_name(english:\"CentOS 8 : lasso (CESA-2021:4325)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2021:4325 advisory.\n\n - lasso: XML signature wrapping vulnerability when parsing SAML responses (CVE-2021-28091)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4325\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected lasso and / or lasso-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28091\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:lasso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:lasso-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'lasso-2.6.0-12.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-2.6.0-12.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-devel-2.6.0-12.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-devel-2.6.0-12.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lasso / lasso-devel');\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-01-31T23:56:19", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-4325 advisory.\n\n - Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. (CVE-2021-28091)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2021-11-17T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : lasso (ELSA-2021-4325)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28091"], "modified": "2021-11-17T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:lasso", "p-cpe:/a:oracle:linux:lasso-devel"], "id": "ORACLELINUX_ELSA-2021-4325.NASL", "href": "https://www.tenable.com/plugins/nessus/155389", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-4325.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155389);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/17\");\n\n script_cve_id(\"CVE-2021-28091\");\n\n script_name(english:\"Oracle Linux 8 : lasso (ELSA-2021-4325)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2021-4325 advisory.\n\n - Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. (CVE-2021-28091)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-4325.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected lasso and / or lasso-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28091\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:lasso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:lasso-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'lasso-2.6.0-12.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-2.6.0-12.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-2.6.0-12.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-devel-2.6.0-12.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-devel-2.6.0-12.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-devel-2.6.0-12.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lasso / lasso-devel');\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-01-08T12:23:45", "description": "It was discovered that lasso, a library which implements SAML 2.0 and Liberty Alliance standards, did not properly verify that all assertions in a SAML response were properly signed, allowing an attacker to impersonate users or bypass access control.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2021-06-07T00:00:00", "type": "nessus", "title": "Debian DSA-4926-1 : lasso - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28091"], "modified": "2021-06-14T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:lasso", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4926.NASL", "href": "https://www.tenable.com/plugins/nessus/150310", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4926. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150310);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/14\");\n\n script_cve_id(\"CVE-2021-28091\");\n script_xref(name:\"DSA\", value:\"4926\");\n\n script_name(english:\"Debian DSA-4926-1 : lasso - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that lasso, a library which implements SAML 2.0 and\nLiberty Alliance standards, did not properly verify that all\nassertions in a SAML response were properly signed, allowing an\nattacker to impersonate users or bypass access control.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/lasso\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/lasso\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2021/dsa-4926\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the lasso packages.\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 2.6.0-2+deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lasso\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"liblasso-perl\", reference:\"2.6.0-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"liblasso3\", reference:\"2.6.0-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"liblasso3-dev\", reference:\"2.6.0-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"python-lasso\", reference:\"2.6.0-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"python3-lasso\", reference:\"2.6.0-2+deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-01-08T01:20:02", "description": "According to the version of the lasso packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.(CVE-2021-28091)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2021-09-07T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : lasso (EulerOS-SA-2021-2337)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28091"], "modified": "2021-09-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:lasso", "p-cpe:/a:huawei:euleros:lasso-python", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2337.NASL", "href": "https://www.tenable.com/plugins/nessus/153078", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153078);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/09\");\n\n script_cve_id(\n \"CVE-2021-28091\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : lasso (EulerOS-SA-2021-2337)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the lasso packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - Lasso all versions prior to 2.7.0 has improper\n verification of a cryptographic\n signature.(CVE-2021-28091)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2337\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?23884d3e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected lasso package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:lasso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:lasso-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"lasso-2.5.1-2.h1.eulerosv2r7\",\n \"lasso-python-2.5.1-2.h1.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lasso\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-02-14T23:33:20", "description": "The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4325 advisory.\n\n - Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. (CVE-2021-28091)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : lasso (ALSA-2021:4325)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28091"], "modified": "2022-02-14T00:00:00", "cpe": ["p-cpe:/a:alma:linux:lasso", "p-cpe:/a:alma:linux:lasso-devel", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2021-4325.NASL", "href": "https://www.tenable.com/plugins/nessus/157521", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2021:4325.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157521);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/14\");\n\n script_cve_id(\"CVE-2021-28091\");\n script_xref(name:\"ALSA\", value:\"2021:4325\");\n\n script_name(english:\"AlmaLinux 8 : lasso (ALSA-2021:4325)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the\nALSA-2021:4325 advisory.\n\n - Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. (CVE-2021-28091)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2021-4325.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected lasso and / or lasso-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28091\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:lasso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:lasso-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'lasso-2.6.0-12.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-2.6.0-12.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-devel-2.6.0-12.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-devel-2.6.0-12.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lasso / lasso-devel');\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-01-08T12:23:46", "description": "entrouvert reports :\n\nWhen AuthnResponse messages are not signed (which is permitted by the specifiation), all assertion's signatures should be checked, but currently after the first signed assertion is checked all following assertions are accepted without checking their signature, and the last one is considered the main assertion.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2021-06-07T00:00:00", "type": "nessus", "title": "FreeBSD : lasso -- signature checking failure (417de1e6-c31b-11eb-9633-b42e99a1b9c3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28091"], "modified": "2021-06-14T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:lasso", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_417DE1E6C31B11EB9633B42E99A1B9C3.NASL", "href": "https://www.tenable.com/plugins/nessus/150316", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150316);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/14\");\n\n script_cve_id(\"CVE-2021-28091\");\n\n script_name(english:\"FreeBSD : lasso -- signature checking failure (417de1e6-c31b-11eb-9633-b42e99a1b9c3)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"entrouvert reports :\n\nWhen AuthnResponse messages are not signed (which is permitted by the\nspecifiation), all assertion's signatures should be checked, but\ncurrently after the first signed assertion is checked all following\nassertions are accepted without checking their signature, and the last\none is considered the main assertion.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://git.entrouvert.org/lasso.git/tree/NEWS?id=v2.7.0\"\n );\n # https://vuxml.freebsd.org/freebsd/417de1e6-c31b-11eb-9633-b42e99a1b9c3.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?61863745\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:lasso\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"lasso<2.7.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-01-08T12:20:00", "description": "The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-2989 advisory.\n\n - Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. (CVE-2021-28091)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2021-08-02T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : lasso (ELSA-2021-2989)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28091"], "modified": "2021-08-02T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:lasso", "p-cpe:/a:oracle:linux:lasso-devel", "p-cpe:/a:oracle:linux:lasso-python"], "id": "ORACLELINUX_ELSA-2021-2989.NASL", "href": "https://www.tenable.com/plugins/nessus/152177", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-2989.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152177);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/02\");\n\n script_cve_id(\"CVE-2021-28091\");\n\n script_name(english:\"Oracle Linux 7 : lasso (ELSA-2021-2989)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2021-2989 advisory.\n\n - Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. (CVE-2021-28091)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-2989.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected lasso, lasso-devel and / or lasso-python packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28091\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:lasso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:lasso-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:lasso-python\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'lasso-2.5.1-8.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-2.5.1-8.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-devel-2.5.1-8.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-devel-2.5.1-8.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-python-2.5.1-8.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lasso / lasso-devel / lasso-python');\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-01-08T12:20:47", "description": "The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2589-1 advisory.\n\n - Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. (CVE-2021-28091)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2021-08-03T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : lasso (SUSE-SU-2021:2589-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28091"], "modified": "2021-08-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:liblasso-devel", "p-cpe:/a:novell:suse_linux:liblasso3", "p-cpe:/a:novell:suse_linux:python3-lasso", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-2589-1.NASL", "href": "https://www.tenable.com/plugins/nessus/152187", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2589-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152187);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/09\");\n\n script_cve_id(\"CVE-2021-28091\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2589-1\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : lasso (SUSE-SU-2021:2589-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by a vulnerability as referenced in\nthe SUSE-SU-2021:2589-1 advisory.\n\n - Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. (CVE-2021-28091)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186768\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-August/009242.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0a7162c2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28091\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected liblasso-devel, liblasso3 and / or python3-lasso packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28091\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liblasso-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liblasso3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-lasso\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED12 / SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP5\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'liblasso3-2.6.1-8.7.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'python3-lasso-2.6.1-8.7.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'liblasso-devel-2.6.1-8.7.2', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'liblasso-devel-2.6.1-8.7.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'liblasso3-2.6.1-8.7.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'python3-lasso-2.6.1-8.7.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'liblasso-devel / liblasso3 / python3-lasso');\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-01-08T01:20:53", "description": "According to the version of the lasso packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.(CVE-2021-28091)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : lasso (EulerOS-SA-2021-2393)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28091"], "modified": "2021-09-16T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:lasso", "p-cpe:/a:huawei:euleros:lasso-python", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2393.NASL", "href": "https://www.tenable.com/plugins/nessus/153354", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153354);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/16\");\n\n script_cve_id(\n \"CVE-2021-28091\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : lasso (EulerOS-SA-2021-2393)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the lasso packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - Lasso all versions prior to 2.7.0 has improper\n verification of a cryptographic\n signature.(CVE-2021-28091)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2393\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0a56aad4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected lasso package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:lasso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:lasso-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"lasso-2.5.0-1.h1\",\n \"lasso-python-2.5.0-1.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lasso\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-01-08T12:31:11", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by a vulnerability as referenced in the USN-4974-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2021-06-02T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS / 20.10 : Lasso vulnerability (USN-4974-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28091"], "modified": "2021-06-11T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.10", "p-cpe:/a:canonical:ubuntu_linux:liblasso-perl", "p-cpe:/a:canonical:ubuntu_linux:liblasso3", "p-cpe:/a:canonical:ubuntu_linux:liblasso3-dev", "p-cpe:/a:canonical:ubuntu_linux:python-lasso", "p-cpe:/a:canonical:ubuntu_linux:python3-lasso"], "id": "UBUNTU_USN-4974-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150134", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4974-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150134);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/11\");\n\n script_cve_id(\"CVE-2021-28091\");\n script_xref(name:\"USN\", value:\"4974-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS / 20.10 : Lasso vulnerability (USN-4974-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by a vulnerability as\nreferenced in the USN-4974-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the\napplication's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4974-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28091\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liblasso-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liblasso3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liblasso3-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-lasso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3-lasso\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021 Canonical, Inc. / NASL script (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04|20\\.04|20\\.10)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04 / 20.10', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '18.04', 'pkgname': 'liblasso-perl', 'pkgver': '2.5.1-0ubuntu1.2'},\n {'osver': '18.04', 'pkgname': 'liblasso3', 'pkgver': '2.5.1-0ubuntu1.2'},\n {'osver': '18.04', 'pkgname': 'liblasso3-dev', 'pkgver': '2.5.1-0ubuntu1.2'},\n {'osver': '18.04', 'pkgname': 'python-lasso', 'pkgver': '2.5.1-0ubuntu1.2'},\n {'osver': '18.04', 'pkgname': 'python3-lasso', 'pkgver': '2.5.1-0ubuntu1.2'},\n {'osver': '20.04', 'pkgname': 'liblasso-perl', 'pkgver': '2.6.0-7ubuntu1.2'},\n {'osver': '20.04', 'pkgname': 'liblasso3', 'pkgver': '2.6.0-7ubuntu1.2'},\n {'osver': '20.04', 'pkgname': 'liblasso3-dev', 'pkgver': '2.6.0-7ubuntu1.2'},\n {'osver': '20.04', 'pkgname': 'python3-lasso', 'pkgver': '2.6.0-7ubuntu1.2'},\n {'osver': '20.10', 'pkgname': 'liblasso-perl', 'pkgver': '2.6.0-7ubuntu2.1'},\n {'osver': '20.10', 'pkgname': 'liblasso3', 'pkgver': '2.6.0-7ubuntu2.1'},\n {'osver': '20.10', 'pkgname': 'liblasso3-dev', 'pkgver': '2.6.0-7ubuntu2.1'},\n {'osver': '20.10', 'pkgname': 'python3-lasso', 'pkgver': '2.6.0-7ubuntu2.1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'liblasso-perl / liblasso3 / liblasso3-dev / python-lasso / etc');\n}", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-01-08T12:22:24", "description": "The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2021:2989-1 advisory.\n\n - lasso: XML signature wrapping vulnerability when parsing SAML responses (CVE-2021-28091)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2021-08-03T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : lasso on SL7.x i686/x86_64 (2021:2989)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28091"], "modified": "2021-08-03T00:00:00", "cpe": ["cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:lasso", "p-cpe:/a:fermilab:scientific_linux:lasso-debuginfo", "p-cpe:/a:fermilab:scientific_linux:lasso-devel", "p-cpe:/a:fermilab:scientific_linux:lasso-python"], "id": "SL_20210803_LASSO_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/152192", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152192);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/03\");\n\n script_cve_id(\"CVE-2021-28091\");\n script_xref(name:\"RHSA\", value:\"RHSA-2021:2989\");\n\n script_name(english:\"Scientific Linux Security Update : lasso on SL7.x i686/x86_64 (2021:2989)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Scientific Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nSLSA-2021:2989-1 advisory.\n\n - lasso: XML signature wrapping vulnerability when parsing SAML responses (CVE-2021-28091)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.scientificlinux.org/category/sl-errata/slsa-20212989-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28091\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fermilab:scientific_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:lasso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:lasso-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:lasso-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:lasso-python\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Scientific Linux' >!< release) audit(AUDIT_OS_NOT, 'Scientific Linux');\nvar os_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Scientific Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Scientific Linux 7.x', 'Scientific Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Scientific Linux', cpu);\n\nvar pkgs = [\n {'reference':'lasso-2.5.1-8.el7_9', 'cpu':'i686', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-2.5.1-8.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-debuginfo-2.5.1-8.el7_9', 'cpu':'i686', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-debuginfo-2.5.1-8.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-devel-2.5.1-8.el7_9', 'cpu':'i686', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-devel-2.5.1-8.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-python-2.5.1-8.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lasso / lasso-debuginfo / lasso-devel / etc');\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-01-08T01:20:54", "description": "According to the versions of the lasso package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. (CVE-2021-28091)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2021-09-24T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : lasso (EulerOS-SA-2021-2467)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28091"], "modified": "2021-09-24T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:lasso", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2467.NASL", "href": "https://www.tenable.com/plugins/nessus/153640", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153640);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/24\");\n\n script_cve_id(\"CVE-2021-28091\");\n\n script_name(english:\"EulerOS 2.0 SP8 : lasso (EulerOS-SA-2021-2467)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the lasso package installed, the EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. (CVE-2021-28091)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2467\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f8946b43\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected lasso packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28091\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:lasso\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"lasso-2.6.0-7.h1.eulerosv2r8\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lasso\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-01-08T01:18:03", "description": "The version of lasso installed on the remote host is prior to 2.5.1-8.6. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1529 advisory.\n\n - Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. (CVE-2021-28091)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2021-09-09T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : lasso (ALAS-2021-1529)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28091"], "modified": "2021-09-09T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:lasso", "p-cpe:/a:amazon:linux:lasso-debuginfo", "p-cpe:/a:amazon:linux:lasso-devel", "p-cpe:/a:amazon:linux:lasso-python", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2021-1529.NASL", "href": "https://www.tenable.com/plugins/nessus/153162", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2021-1529.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153162);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/09\");\n\n script_cve_id(\"CVE-2021-28091\");\n script_xref(name:\"ALAS\", value:\"2021-1529\");\n\n script_name(english:\"Amazon Linux AMI : lasso (ALAS-2021-1529)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of lasso installed on the remote host is prior to 2.5.1-8.6. It is, therefore, affected by a vulnerability\nas referenced in the ALAS-2021-1529 advisory.\n\n - Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. (CVE-2021-28091)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2021-1529.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28091\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update lasso' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28091\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lasso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lasso-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lasso-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lasso-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'lasso-2.5.1-8.6.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-2.5.1-8.6.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-debuginfo-2.5.1-8.6.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-debuginfo-2.5.1-8.6.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-devel-2.5.1-8.6.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-devel-2.5.1-8.6.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-python-2.5.1-8.6.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lasso-python-2.5.1-8.6.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lasso / lasso-debuginfo / lasso-devel / etc\");\n}", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-01-08T12:27:57", "description": "A vulnerability was discovered in lasso, a library for Liberty Alliance and SAML protocols, which results to a improper verification of a cryptographic signature.\n\nFor Debian 9 stretch, this problem has been fixed in version 2.5.0-5+deb9u1.\n\nWe recommend that you upgrade your lasso packages.\n\nFor the detailed security status of lasso please refer to its security tracker page at: https://security-tracker.debian.org/tracker/lasso\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2021-06-11T00:00:00", "type": "nessus", "title": "Debian DLA-2684-1 : lasso security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28091"], "modified": "2021-06-15T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:liblasso-perl", "p-cpe:/a:debian:debian_linux:liblasso3", "p-cpe:/a:debian:debian_linux:liblasso3-dev", "p-cpe:/a:debian:debian_linux:python-lasso", "p-cpe:/a:debian:debian_linux:python3-lasso", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2684.NASL", "href": "https://www.tenable.com/plugins/nessus/150703", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2684-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150703);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/15\");\n\n script_cve_id(\"CVE-2021-28091\");\n\n script_name(english:\"Debian DLA-2684-1 : lasso security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"A vulnerability was discovered in lasso, a library for Liberty\nAlliance and SAML protocols, which results to a improper verification\nof a cryptographic signature.\n\nFor Debian 9 stretch, this problem has been fixed in version\n2.5.0-5+deb9u1.\n\nWe recommend that you upgrade your lasso packages.\n\nFor the detailed security status of lasso please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/lasso\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/06/msg00013.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/lasso\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/lasso\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:liblasso-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:liblasso3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:liblasso3-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-lasso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python3-lasso\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"liblasso-perl\", reference:\"2.5.0-5+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"liblasso3\", reference:\"2.5.0-5+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"liblasso3-dev\", reference:\"2.5.0-5+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python-lasso\", reference:\"2.5.0-5+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python3-lasso\", reference:\"2.5.0-5+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-01-08T01:14:07", "description": "According to the versions of the lasso packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. (CVE-2021-28091)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2021-10-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : lasso (EulerOS-SA-2021-2589)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28091"], "modified": "2021-10-25T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:lasso", "p-cpe:/a:huawei:euleros:lasso-python", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2589.NASL", "href": "https://www.tenable.com/plugins/nessus/154385", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154385);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/25\");\n\n script_cve_id(\"CVE-2021-28091\");\n\n script_name(english:\"EulerOS 2.0 SP3 : lasso (EulerOS-SA-2021-2589)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the lasso packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. (CVE-2021-28091)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2589\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ebb26a27\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected lasso packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28091\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:lasso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:lasso-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"lasso-2.5.0-1.h1\",\n \"lasso-python-2.5.0-1.h1\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lasso\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-05-09T23:29:44", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has lasso packages installed that are affected by a vulnerability:\n\n - Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. (CVE-2021-28091)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2022-05-09T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : lasso Vulnerability (NS-SA-2022-0011)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28091"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:lasso", "p-cpe:/a:zte:cgsl_core:lasso-debuginfo", "p-cpe:/a:zte:cgsl_core:lasso-devel", "p-cpe:/a:zte:cgsl_core:lasso-python", "p-cpe:/a:zte:cgsl_main:lasso", "p-cpe:/a:zte:cgsl_main:lasso-debuginfo", "p-cpe:/a:zte:cgsl_main:lasso-devel", "p-cpe:/a:zte:cgsl_main:lasso-python", "cpe:/o:zte:cgsl_core:5", "cpe:/o:zte:cgsl_main:5"], "id": "NEWSTART_CGSL_NS-SA-2022-0011_LASSO.NASL", "href": "https://www.tenable.com/plugins/nessus/160752", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0011. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160752);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\"CVE-2021-28091\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : lasso Vulnerability (NS-SA-2022-0011)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has lasso packages installed that are affected by\na vulnerability:\n\n - Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. (CVE-2021-28091)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0011\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-28091\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL lasso packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28091\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:lasso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:lasso-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:lasso-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:lasso-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:lasso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:lasso-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:lasso-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:lasso-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.04': [\n 'lasso-2.5.1-8.el7_9',\n 'lasso-debuginfo-2.5.1-8.el7_9',\n 'lasso-devel-2.5.1-8.el7_9',\n 'lasso-python-2.5.1-8.el7_9'\n ],\n 'CGSL MAIN 5.04': [\n 'lasso-2.5.1-8.el7_9',\n 'lasso-debuginfo-2.5.1-8.el7_9',\n 'lasso-devel-2.5.1-8.el7_9',\n 'lasso-python-2.5.1-8.el7_9'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lasso');\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-01-08T12:17:34", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2989 advisory.\n\n - lasso: XML signature wrapping vulnerability when parsing SAML responses (CVE-2021-28091)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2021-08-09T00:00:00", "type": "nessus", "title": "RHEL 7 : lasso (RHSA-2021:2989)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28091"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:lasso", "p-cpe:/a:redhat:enterprise_linux:lasso-devel", "p-cpe:/a:redhat:enterprise_linux:lasso-python"], "id": "REDHAT-RHSA-2021-2989.NASL", "href": "https://www.tenable.com/plugins/nessus/152355", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2989. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152355);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/07\");\n\n script_cve_id(\"CVE-2021-28091\");\n script_xref(name:\"RHSA\", value:\"2021:2989\");\n\n script_name(english:\"RHEL 7 : lasso (RHSA-2021:2989)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2021:2989 advisory.\n\n - lasso: XML signature wrapping vulnerability when parsing SAML responses (CVE-2021-28091)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/345.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/347.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1940089\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected lasso, lasso-devel and / or lasso-python packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28091\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(345, 347);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:lasso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:lasso-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:lasso-python\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_7_client': [\n 'rhel-7-desktop-debug-rpms',\n 'rhel-7-desktop-fastrack-debug-rpms',\n 'rhel-7-desktop-fastrack-rpms',\n 'rhel-7-desktop-fastrack-source-rpms',\n 'rhel-7-desktop-optional-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-rpms',\n 'rhel-7-desktop-optional-fastrack-source-rpms',\n 'rhel-7-desktop-optional-rpms',\n 'rhel-7-desktop-optional-source-rpms',\n 'rhel-7-desktop-rpms',\n 'rhel-7-desktop-source-rpms'\n ],\n 'enterprise_linux_7_computenode': [\n 'rhel-7-for-hpc-node-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-fastrack-rpms',\n 'rhel-7-for-hpc-node-fastrack-source-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-source-rpms',\n 'rhel-7-hpc-node-debug-rpms',\n 'rhel-7-hpc-node-optional-debug-rpms',\n 'rhel-7-hpc-node-optional-rpms',\n 'rhel-7-hpc-node-optional-source-rpms',\n 'rhel-7-hpc-node-rpms',\n 'rhel-7-hpc-node-source-rpms'\n ],\n 'enterprise_linux_7_server': [\n 'rhel-7-for-system-z-a-debug-rpms',\n 'rhel-7-for-system-z-a-optional-debug-rpms',\n 'rhel-7-for-system-z-a-optional-rpms',\n 'rhel-7-for-system-z-a-optional-source-rpms',\n 'rhel-7-for-system-z-a-rpms',\n 'rhel-7-for-system-z-a-source-rpms',\n 'rhel-7-for-system-z-debug-rpms',\n 'rhel-7-for-system-z-fastrack-debug-rpms',\n 'rhel-7-for-system-z-fastrack-rpms',\n 'rhel-7-for-system-z-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-rpms',\n 'rhel-7-for-system-z-optional-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-rpms',\n 'rhel-7-for-system-z-optional-source-rpms',\n 'rhel-7-for-system-z-rpms',\n 'rhel-7-for-system-z-source-rpms',\n 'rhel-7-server-debug-rpms',\n 'rhel-7-server-fastrack-debug-rpms',\n 'rhel-7-server-fastrack-rpms',\n 'rhel-7-server-fastrack-source-rpms',\n 'rhel-7-server-optional-debug-rpms',\n 'rhel-7-server-optional-fastrack-debug-rpms',\n 'rhel-7-server-optional-fastrack-rpms',\n 'rhel-7-server-optional-fastrack-source-rpms',\n 'rhel-7-server-optional-rpms',\n 'rhel-7-server-optional-source-rpms',\n 'rhel-7-server-rpms',\n 'rhel-7-server-source-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-source-rpms',\n 'rhel-ha-for-rhel-7-server-debug-rpms',\n 'rhel-ha-for-rhel-7-server-rpms',\n 'rhel-ha-for-rhel-7-server-source-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-source-rpms',\n 'rhel-rs-for-rhel-7-server-debug-rpms',\n 'rhel-rs-for-rhel-7-server-rpms',\n 'rhel-rs-for-rhel-7-server-source-rpms'\n ],\n 'enterprise_linux_7_workstation': [\n 'rhel-7-workstation-debug-rpms',\n 'rhel-7-workstation-fastrack-debug-rpms',\n 'rhel-7-workstation-fastrack-rpms',\n 'rhel-7-workstation-fastrack-source-rpms',\n 'rhel-7-workstation-optional-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-rpms',\n 'rhel-7-workstation-optional-fastrack-source-rpms',\n 'rhel-7-workstation-optional-rpms',\n 'rhel-7-workstation-optional-source-rpms',\n 'rhel-7-workstation-rpms',\n 'rhel-7-workstation-source-rpms'\n ],\n 'rhel_extras_7': [\n 'rhel-7-desktop-supplementary-rpms',\n 'rhel-7-desktop-supplementary-source-rpms',\n 'rhel-7-for-hpc-node-supplementary-rpms',\n 'rhel-7-for-hpc-node-supplementary-source-rpms',\n 'rhel-7-for-system-z-eus-supplementary-rpms',\n 'rhel-7-for-system-z-eus-supplementary-source-rpms',\n 'rhel-7-for-system-z-supplementary-debug-rpms',\n 'rhel-7-for-system-z-supplementary-rpms',\n 'rhel-7-for-system-z-supplementary-source-rpms',\n 'rhel-7-hpc-node-eus-supplementary-rpms',\n 'rhel-7-server-eus-supplementary-rpms',\n 'rhel-7-server-supplementary-rpms',\n 'rhel-7-server-supplementary-source-rpms',\n 'rhel-7-workstation-supplementary-rpms',\n 'rhel-7-workstation-supplementary-source-rpms'\n ],\n 'rhel_extras_oracle_java_7': [\n 'rhel-7-desktop-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-for-hpc-node-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-hpc-node-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-source-rpms',\n 'rhel-7-server-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-workstation-restricted-maintenance-oracle-java-rpms'\n ],\n 'rhel_extras_rt_7': [\n 'rhel-7-server-nfv-debug-rpms',\n 'rhel-7-server-nfv-rpms',\n 'rhel-7-server-nfv-source-rpms',\n 'rhel-7-server-rt-debug-rpms',\n 'rhel-7-server-rt-rpms',\n 'rhel-7-server-rt-source-rpms'\n ],\n 'rhel_extras_sap_7': [\n 'rhel-sap-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-source-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-source-rpms',\n 'rhel-sap-for-rhel-7-server-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-server-eus-rpms',\n 'rhel-sap-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-for-rhel-7-server-rpms',\n 'rhel-sap-for-rhel-7-server-source-rpms'\n ],\n 'rhel_extras_sap_hana_7': [\n 'rhel-sap-hana-for-rhel-7-server-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-rpms',\n 'rhel-sap-hana-for-rhel-7-server-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'lasso-2.5.1-8.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'lasso-2.5.1-8.el7_9', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'lasso-2.5.1-8.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'lasso-2.5.1-8.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'lasso-devel-2.5.1-8.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'lasso-devel-2.5.1-8.el7_9', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'lasso-devel-2.5.1-8.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'lasso-devel-2.5.1-8.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'lasso-python-2.5.1-8.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'lasso-python-2.5.1-8.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lasso / lasso-devel / lasso-python');\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-01-08T12:19:59", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1057-1 advisory.\n\n - Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. (CVE-2021-28091)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2021-07-20T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : lasso (openSUSE-SU-2021:1057-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28091"], "modified": "2021-07-20T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:liblasso-devel", "p-cpe:/a:novell:opensuse:liblasso3", "p-cpe:/a:novell:opensuse:python3-lasso", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1057.NASL", "href": "https://www.tenable.com/plugins/nessus/151822", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1057-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151822);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/20\");\n\n script_cve_id(\"CVE-2021-28091\");\n\n script_name(english:\"openSUSE 15 Security Update : lasso (openSUSE-SU-2021:1057-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the\nopenSUSE-SU-2021:1057-1 advisory.\n\n - Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. (CVE-2021-28091)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186768\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NVAZRUCJGDCHRY6W5ARRO5NRB27JQCR6/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3a0dd405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28091\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected liblasso-devel, liblasso3 and / or python3-lasso packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28091\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblasso-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblasso3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-lasso\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nos_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\npkgs = [\n {'reference':'liblasso-devel-2.6.1-lp152.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'liblasso3-2.6.1-lp152.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-lasso-2.6.1-lp152.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'liblasso-devel / liblasso3 / python3-lasso');\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2022-03-23T16:20:29", "description": "Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-06-04T15:15:00", "type": "cve", "title": "CVE-2021-28091", "cwe": ["CWE-347"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28091"], "modified": "2021-12-02T13:55:00", "cpe": ["cpe:/o:fedoraproject:fedora:34", "cpe:/o:fedoraproject:fedora:33", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2021-28091", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28091", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*"]}], "redhat": [{"lastseen": "2021-10-19T20:36:21", "description": "The lasso packages provide the Lasso library that implements the Liberty Alliance Single Sign-On standards, including the SAML and SAML2 specifications. It allows handling of the whole life-cycle of SAML-based federations and provides bindings for multiple languages.\n\nSecurity Fix(es):\n\n* lasso: XML signature wrapping vulnerability when parsing SAML responses (CVE-2021-28091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-08-02T14:32:12", "type": "redhat", "title": "(RHSA-2021:2989) Important: lasso security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28091"], "modified": "2021-08-02T14:55:22", "id": "RHSA-2021:2989", "href": "https://access.redhat.com/errata/RHSA-2021:2989", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-11-22T18:41:19", "description": "The lasso packages provide the Lasso library that implements the Liberty Alliance Single Sign-On standards, including the SAML and SAML2 specifications. It allows handling of the whole life-cycle of SAML-based federations and provides bindings for multiple languages.\n\nSecurity Fix(es):\n\n* lasso: XML signature wrapping vulnerability when parsing SAML responses (CVE-2021-28091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-11-09T09:01:05", "type": "redhat", "title": "(RHSA-2021:4325) Moderate: lasso security and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28091"], "modified": "2021-11-09T14:09:34", "id": "RHSA-2021:4325", "href": "https://access.redhat.com/errata/RHSA-2021:4325", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "debiancve": [{"lastseen": "2022-03-21T07:36:34", "description": "Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-06-04T15:15:00", "type": "debiancve", "title": "CVE-2021-28091", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28091"], "modified": "2021-06-04T15:15:00", "id": "DEBIANCVE:CVE-2021-28091", "href": "https://security-tracker.debian.org/tracker/CVE-2021-28091", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "amazon": [{"lastseen": "2021-09-08T22:27:49", "description": "**Issue Overview:**\n\nAn XML Signature Wrapping (XSW) vulnerability was found in Lasso. This flaw allows an attacker to modify a valid SAML response to include an unsigned SAML assertion, which may be used to impersonate another valid user recognized by the service using Lasso. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability. (CVE-2021-28091)\n\n \n**Affected Packages:** \n\n\nlasso\n\n \n**Issue Correction:** \nRun _yum update lasso_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 lasso-python-2.5.1-8.6.amzn1.i686 \n \u00a0\u00a0\u00a0 lasso-debuginfo-2.5.1-8.6.amzn1.i686 \n \u00a0\u00a0\u00a0 lasso-devel-2.5.1-8.6.amzn1.i686 \n \u00a0\u00a0\u00a0 lasso-2.5.1-8.6.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 lasso-2.5.1-8.6.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 lasso-devel-2.5.1-8.6.amzn1.x86_64 \n \u00a0\u00a0\u00a0 lasso-debuginfo-2.5.1-8.6.amzn1.x86_64 \n \u00a0\u00a0\u00a0 lasso-python-2.5.1-8.6.amzn1.x86_64 \n \u00a0\u00a0\u00a0 lasso-2.5.1-8.6.amzn1.x86_64 \n \n \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-09-02T22:54:00", "type": "amazon", "title": "Important: lasso", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28091"], "modified": "2021-09-08T19:16:00", "id": "ALAS-2021-1529", "href": "https://alas.aws.amazon.com/ALAS-2021-1529.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-07-25T19:35:04", "description": "**Issue Overview:**\n\nAn XML Signature Wrapping (XSW) vulnerability was found in Lasso. This flaw allows an attacker to modify a valid SAML response to include an unsigned SAML assertion, which may be used to impersonate another valid user recognized by the service using Lasso. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability. (CVE-2021-28091)\n\n \n**Affected Packages:** \n\n\nlasso\n\n \n**Issue Correction:** \nRun _yum update lasso_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 lasso-2.5.1-5.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 lasso-devel-2.5.1-5.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 lasso-python-2.5.1-5.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 lasso-debuginfo-2.5.1-5.amzn2.0.1.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 lasso-2.5.1-5.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 lasso-devel-2.5.1-5.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 lasso-python-2.5.1-5.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 lasso-debuginfo-2.5.1-5.amzn2.0.1.i686 \n \n src: \n \u00a0\u00a0\u00a0 lasso-2.5.1-5.amzn2.0.1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 lasso-2.5.1-5.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 lasso-devel-2.5.1-5.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 lasso-python-2.5.1-5.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 lasso-debuginfo-2.5.1-5.amzn2.0.1.x86_64 \n \n \n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-06-16T20:37:00", "type": "amazon", "title": "Important: lasso", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28091"], "modified": "2021-06-22T22:22:00", "id": "ALAS2-2021-1660", "href": "https://alas.aws.amazon.com/AL2/ALAS-2021-1660.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "ubuntu": [{"lastseen": "2022-01-27T03:45:48", "description": "It was discovered that Lasso did not properly verify that all \nassertions in a SAML response were properly signed. An attacker \ncould possibly use this to impersonate users or otherwise bypass \naccess controls.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-06-02T00:00:00", "type": "ubuntu", "title": "Lasso vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28091"], "modified": "2021-06-02T00:00:00", "id": "USN-4974-1", "href": "https://ubuntu.com/security/notices/USN-4974-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2021-10-21T18:12:57", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4926-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJune 03, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : lasso\nCVE ID : CVE-2021-28091\n\nIt was discovered that lasso, a library which implements SAML 2.0 and\nLiberty Alliance standards, did not properly verify that all assertions\nin a SAML response were properly signed, allowing an attacker to\nimpersonate users or bypass access control.\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 2.6.0-2+deb10u1.\n\nWe recommend that you upgrade your lasso packages.\n\nFor the detailed security status of lasso please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/lasso\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-06-03T20:22:41", "type": "debian", "title": "[SECURITY] [DSA 4926-1] lasso security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28091"], "modified": "2021-06-03T20:22:41", "id": "DEBIAN:DSA-4926-1:641F1", "href": "https://lists.debian.org/debian-security-announce/2021/msg00109.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-10-22T10:18:50", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2684-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Yadd\nJune 10, 2021 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : lasso\nVersion : 2.5.0-5+deb9u1\nCVE ID : CVE-2021-28091\n\nA vulnerability was discovered in lasso, a library for Liberty Alliance\nand SAML protocols, which results to a improper verification of a\ncryptographic signature.\n\nFor Debian 9 stretch, this problem has been fixed in version\n2.5.0-5+deb9u1.\n\nWe recommend that you upgrade your lasso packages.\n\nFor the detailed security status of lasso please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/lasso\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-06-10T05:49:35", "type": "debian", "title": "[SECURITY] [DLA 2684-1] lasso security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28091"], "modified": "2021-06-10T05:49:35", "id": "DEBIAN:DLA-2684-1:216CB", "href": "https://lists.debian.org/debian-lts-announce/2021/06/msg00013.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-12-03T03:10:42", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2684-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Yadd\nJune 10, 2021 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : lasso\nVersion : 2.5.0-5+deb9u1\nCVE ID : CVE-2021-28091\n\nA vulnerability was discovered in lasso, a library for Liberty Alliance\nand SAML protocols, which results to a improper verification of a\ncryptographic signature.\n\nFor Debian 9 stretch, this problem has been fixed in version\n2.5.0-5+deb9u1.\n\nWe recommend that you upgrade your lasso packages.\n\nFor the detailed security status of lasso please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/lasso\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-06-10T05:49:35", "type": "debian", "title": "[SECURITY] [DLA 2684-1] lasso security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28091"], "modified": "2021-06-10T05:49:35", "id": "DEBIAN:DLA-2684-1:8D224", "href": "https://lists.debian.org/debian-lts-announce/2021/06/msg00013.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-02-16T11:36:47", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4926-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJune 03, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : lasso\nCVE ID : CVE-2021-28091\n\nIt was discovered that lasso, a library which implements SAML 2.0 and\nLiberty Alliance standards, did not properly verify that all assertions\nin a SAML response were properly signed, allowing an attacker to\nimpersonate users or bypass access control.\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 2.6.0-2+deb10u1.\n\nWe recommend that you upgrade your lasso packages.\n\nFor the detailed security status of lasso please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/lasso\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-06-03T20:22:41", "type": "debian", "title": "[SECURITY] [DSA 4926-1] lasso security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28091"], "modified": "2021-06-03T20:22:41", "id": "DEBIAN:DSA-4926-1:BFB2D", "href": "https://lists.debian.org/debian-security-announce/2021/msg00109.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "fedora": [{"lastseen": "2021-07-28T14:46:52", "description": "Lasso is a library that implements the Liberty Alliance Single Sign On standards, including the SAML and SAML2 specifications. It allows to handle the whole life-cycle of SAML based Federations, and provides bindings for multiple languages. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-06-11T01:20:08", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: lasso-2.7.0-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28091"], "modified": "2021-06-11T01:20:08", "id": "FEDORA:D37E330B2DDC", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YSVWOHBBWLI2RB5C6TXINFEJRT4YSD3D/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "veracode": [{"lastseen": "2022-06-10T16:57:42", "description": "Lasso has insecure cryptographic functions. The vulnerability exists due to the lack of sanitization in the `mod_auth_mellon`.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-13T15:38:08", "type": "veracode", "title": "Insecure Cryptographic Function", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28091"], "modified": "2021-12-02T16:10:51", "id": "VERACODE:31638", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-31638/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "f5": [{"lastseen": "2022-02-01T00:00:00", "description": "Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. ([CVE-2021-28091](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28091>)) \n\nImpact\n\nThere is no impact; F5 products are not affected by this vulnerability.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-06-07T01:06:00", "type": "f5", "title": "Lasso XML signature wrapping vulnerability CVE-2021-28091", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28091"], "modified": "2021-06-07T01:06:00", "id": "F5:K02151228", "href": "https://support.f5.com/csp/article/K02151228", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "almalinux": [{"lastseen": "2022-05-12T14:58:05", "description": "The lasso packages provide the Lasso library that implements the Liberty Alliance Single Sign-On standards, including the SAML and SAML2 specifications. It allows handling of the whole life-cycle of SAML-based federations and provides bindings for multiple languages.\n\nSecurity Fix(es):\n\n* lasso: XML signature wrapping vulnerability when parsing SAML responses (CVE-2021-28091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-11-09T09:01:05", "type": "almalinux", "title": "Moderate: lasso security and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28091"], "modified": "2021-11-12T10:20:56", "id": "ALSA-2021:4325", "href": "https://errata.almalinux.org/8/ALSA-2021-4325.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "rocky": [{"lastseen": "2022-03-02T15:15:06", "description": "An update for lasso is now available for Rocky Linux 8.\nRocky Linux Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\nThe lasso packages provide the Lasso library that implements the Liberty Alliance Single Sign-On standards, including the SAML and SAML2 specifications. It allows handling of the whole life-cycle of SAML-based federations and provides bindings for multiple languages.\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\nAdditional Changes:\nFor detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-11-15T07:24:20", "type": "rocky", "title": "lasso security and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28091"], "modified": "2021-11-15T07:24:20", "id": "RLSA-2021:4325", "href": "https://errata.rockylinux.org/RLSA-2021:4325", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "cisco": [{"lastseen": "2021-09-30T16:32:21", "description": "On June 1, 2021, Lasso disclosed a security vulnerability in the Lasso Security Assertion Markup Language (SAML) Single Sign-On (SSO) library. This vulnerability could allow an authenticated attacker to impersonate another authorized user when interacting with an application.\n\nFor a description of this vulnerability, see lasso.git NEWS [\"https://git.entrouvert.org/lasso.git/tree/NEWS?id=v2.7.0\"].\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lasso-saml-jun2021-DOXNRLkD [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lasso-saml-jun2021-DOXNRLkD\"]", "cvss3": {}, "published": "2021-06-01T12:30:00", "type": "cisco", "title": "Lasso SAML Implementation Vulnerability Affecting Cisco Products: June 2021", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-28091"], "modified": "2021-09-30T14:51:31", "id": "CISCO-SA-LASSO-SAML-JUN2021-DOXNRLKD", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lasso-saml-jun2021-DOXNRLkD", "cvss": {"score": 8.8, "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "akamaiblog": [{"lastseen": "2021-11-11T02:36:59", "description": "In this post, we cover the technical details of CVE-2021-28091, the vulnerability impacting Akamai's Enterprise Application Access (EAA) platform.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-06-01T04:00:00", "type": "akamaiblog", "title": "Akamai EAA Impersonation Vulnerability - A Deep Dive", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28091"], "modified": "2021-06-01T04:00:00", "id": "AKAMAIBLOG:44CC4E284FE147FD746BD36DBA35B2F0", "href": "https://www.akamai.com/blog/news/akamai-eaa-impersonation-vulnerability-a-deep-dive", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-06-11T08:38:38", "description": "In this post, we cover the technical details of [CVE-2021-28091](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28091>), the vulnerability impacting Akamai's Enterprise Application Access (EAA) platform. We cover our investigation, remediation and disclosure process for the vulnerability. For an overview of the vulnerability, the impact to Akamai, the impact to EAA customers and actions required, please see our [companion report](<https://blogs.akamai.com/2021/06/saml-implementation-vulnerability-impacting-some-akamai-services.html>).\n\n## Overview\n\nIn this section, we will walk you through the history and anatomy of this vulnerability. Some readers may wish to skip this section for now and go directly to the Actions Required section, using this Overview for reference in any assessments that they need to conduct or for future reviews.\n\nPrior to Akamai's acquisition of the EAA technology through its acquisition of Soha Systems in 2016, a key feature was introduced to the platform allowing customers of the platform to make access control and authentication decisions based on identity information provided by a third-party identity provider. The EAA platform offers multiple methods for third-party identity integration. The notable method for this report is support for the Security Assertion Markup Language (SAML) v2.0 authentication protocol.\n\nSAML is a widely used, open standard. SAML allows an Identity Provider (IdP) to assert, by cryptographically signing and returning, to a Service Provider (SP) through the client presenting an assertion object from the IdP to the SP within a defined time period. (See the Background section below for more information.)\n\nWhen third-party IdP support was added to EAA, the developers selected the open source library Lasso to implement SAML support within the platform. Based on Akamai's assessment of the code where Lasso verifies the SAML responses provided to it as a SP, we believe that at the time of initial integration, the developers implementing the third-party IdP feature did so in a reasonable way based on the test cases provided with the library. Further investigation revealed that the test suite used to exercise Akamai's implementation was not rigorous enough to identify this impersonation vulnerability or similar weaknesses in the authentication process. This shortcoming has been addressed as part of our response by expanding the test suite applied to new releases of the product to include all combinations of valid and invalidly signed responses and/or assertions as well as unsigned assertions and responses. These new tests are part of the standard QA process going forward.\n\nIn the following sections of the report, we break down the various weaknesses and contributing factors which made up the overall vulnerability. Our goal in providing this level of transparency is to help others understand the steps taken by Akamai and to allow them to avoid similar circumstances in their own environments.\n\n## System testing and assessment\n\nUnit tests, integration tests, and regression tests are a critical aspect of any software development lifecycle (SDLC). While the sub-component which was implemented did have all of these testing methods associated with it, we have clearly learned that the tests were not rigorous enough. Additionally this incident has illuminated an oversight where some third-party libraries are incorporated into projects under the false assumption that the SDLC of the dependence is itself rigorous and will be informed by domain specific discoveries such as vulnerabilities in similar libraries.\n\nWhile a rigorous SDLC for each component and each of its dependencies is necessary, often the testing incorporated in the component development and Quality Assurance (QA) plan is not sufficient. To supplement this testing, adversarial assessments, such as penetration tests or third party code reviews, can be employed. In the case of EAA, multiple external security and vulnerability assessments of the EAA platform have been conducted over the lifetime of the product, often by customers. Despite this, the report that started this response was the first time that this vulnerability had been reported to Akamai. Akamai has conducted targeted assessments against other portions of the EAA platform and its client application, but this specific component has not been subject to that level of scrutiny.\n\n## Avoiding premature disclosure\n\nEarly in this incident response process, Akamai started to write a high level customer notification to guide customers to start the investigations suggested in the Actions Required section in the [companion post](<https://blogs.akamai.com/2021/06/saml-implementation-vulnerability-impacting-some-akamai-services.html>). In a pre-publication review of that document, Akamai staff who were not informed about the vulnerability were provided a copy of the customer-facing messaging. Within an hour of the message being provided, our reviewers were able to identify the protocol affected (SAML), affected package (Lasso), and with some recent activity from the Lasso project maintainer, a guess at what the vulnerability was. This revelation put an immediate pause to our partial notification plans to abide by the principles of responsible disclosure. \n\nAfter further conversations with our reviewers, the incident team was able to learn the process by which they made these discoveries. A key finding reported by the reviewers was the error message returned by the IdP when an error condition occurred. Up until the fix for the vulnerability was released, SAML failures would return an error page which exposed the Lasso error to the end user, as seen in the image below. Forwarding an error, especially for critical security processes like authentication, is counter to best practices, which is why the error will not be visible to the end users starting in this release. \n\n[](<https://blogs.akamai.com/403%20Forbidden.png>)\n\n## Vulnerability\n\nAfter Akamai's engineers had identified the weakness in the Lasso library, a targeted review of the Lasso codebase was undertaken. Before a report was provided to the maintainers of the library, the engineering team was able to recreate the vulnerability using none of our application specific code. The patch applied by the maintainer can be found [here](<https://git.entrouvert.org/lasso.git/commit/?id=ea7e5efe9741e1b1787a58af16cb15b40c23be5a>).\n\nIn coordination with the Lasso maintainers, Akamai reserved CVE ID [CVE-2021-28091](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28091>). The associated CVSS score for the CVE ID published is [8.2](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C&version=3.1>). Also in coordination with the Lasso maintainers, Akamai reported this issue to CERT/CC who ran the coordinated disclosure process.\n\n## Background\n\nTo fully understand this issue, a working understanding of the SAML authentication process is helpful. An approachable introduction to this topic is [The Beer Drinker's Guide to SAML](<https://duo.com/blog/the-beer-drinkers-guide-to-saml>) published by DUO.\n\nAt the center of all of this lies the weakness which could be exploited by the attacker. To explain the issue in further detail, we start by covering how a SAML response is interpreted in the patched version of the library. We then discuss the cases where the weakness could be used to impersonate another user.\n\nAfter a user authenticates to a SAML IdP, the IdP returns the SAML response to the SP through a method which is pre-negotiated by the SP and IdP administrators. Often this is achieved by using the client as an intermediary. The SP verifies that the client is authorized through this SAML response. \n\nSAML assertions are an XML document which will have roughly this form:\n\n<samlp:Response>\n\n<saml:Issuer>http://idp.example.com/metadata.php</saml:Issuer>\n\n<saml:Assertion>\n\n<saml:Issuer>http://idp.example.com/metadata.php</saml:Issuer>\n\n<ds:Signature>\n\n... Assertion Signature ...\n\n</ds:Signature>\n\n<saml:AttributeStatement>\n\n<saml:Attribute Name=\"uid\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:basic\">\n\n<saml:AttributeValue xsi:type=\"xs:string\">test</saml:AttributeValue>\n\n</saml:Attribute>\n\n<saml:Attribute Name=\"eduPersonAffiliation\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:basic\">\n\n<saml:AttributeValue xsi:type=\"xs:string\">users</saml:AttributeValue>\n\n</saml:Attribute>\n\n</saml:AttributeStatement>\n\n</saml:Assertion>\n\n</samlp:Response>\n\nThe above XML document has been simplified for the purposes of this report, but the structure is the same. The outer, 'parent' document is the SAML response including metadata about the request and an Assertion document. The Assertion, also called a SAML Assertion, is the data being provided from the IdP to the SP for use in the authentication process. Multiple assertions may be present in a single SAML response. In the above example, the contents of the ds:Signature brackets is a cryptographic signature over the contents in the parent object, which is the Assertion in this case. The same signature object can also be applied to the entire response object. The purpose of the signature is to allow the SP to validate that the data contained in the Assertion or response is legitimate and provided by the IdP. In the case of the Assertion, the signature only applies to all data contained within the Assertion, like a username, an email address, or group membership indications. Signatures applied at the response level apply to the full contents of the response and all assertions therein.\n\nVerification of the various signatures in the SAML response is entrusted to the SP and is often configured at the time that the IdP is configured to communicate with the application. In our response to this issue, we believe that the default verification conditions for SAML responses should be as follows.\n\n * When the entire SAML response is validly signed, all of the assertions in the response must be correctly signed or have no signature. If any invalid signatures are found, the verification must fail. This method relies on the IdP to be authoritative for the entire message body, which is signed.\n * When the SAML response is unsigned, all assertions in the response must be correctly signed, otherwise the verification must fail.\n * When the SAML response has an invalid signature, the verification must fail.\n\nThe above processing conditions are what Akamai's proposed patch to Lasso implemented.\n\nThe report provided to Akamai at the start of this issue showed the researcher submitting two SAML assertions in a single SAML response, the first was validly signed but the second was unsigned. The default configuration for Lasso had the following default verification conditions.\n\n * If the first SAML assertion in the response was validly signed, the verification passed, without regard for the full SAML response signature being valid or not.\n * If the first SAML assertion was invalidly signed, the verification failed.\n * If the SAML response was validly signed and none of the assertions were signed, the verification passed.\n * Otherwise the verification would fail.\n\nTo complicate matters, when the response was deemed valid by the library, the function to retrieve the assertion from the SAML response would return the last assertion in the response object, irrespective of it having a valid signature. By way of example, say an attacker obtains a valid SAML response with a single assertion from an IdP, like the one above, and adds the following as a second assertion:\n\n<saml:Assertion>\n\n<saml:AttributeStatement>\n\n<saml:Attribute Name=\"uid\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:basic\">\n\n<saml:AttributeValue xsi:type=\"xs:string\">superuser</saml:AttributeValue>\n\n</saml:Attribute>\n\n<saml:Attribute Name=\"eduPersonAffiliation\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:basic\">\n\n<saml:AttributeValue xsi:type=\"xs:string\">admins</saml:AttributeValue>\n\n</saml:Attribute>\n\n</saml:AttributeStatement>\n\n</saml:Assertion>\n\nIn the case where the user provided is valid for the organization but has more privileges, they would then have the combined SAML response for submission to the SP:\n\n<samlp:Response>\n\n<saml:Issuer>http://idp.example.com/metadata.php</saml:Issuer>\n\n<saml:Assertion>\n\n<ds:Signature>\n\n... Assertion Signature ...\n\n</ds:Signature>\n\n<saml:AttributeStatement>\n\n<saml:Attribute Name=\"uid\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:basic\">\n\n<saml:AttributeValue xsi:type=\"xs:string\">test</saml:AttributeValue>\n\n</saml:Attribute>\n\n<saml:Attribute Name=\"eduPersonAffiliation\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:basic\">\n\n<saml:AttributeValue xsi:type=\"xs:string\">users</saml:AttributeValue>\n\n</saml:Attribute>\n\n</saml:AttributeStatement>\n\n</saml:Assertion>\n\n<saml:Assertion>\n\n<saml:AttributeStatement>\n\n<saml:Attribute Name=\"uid\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:basic\">\n\n<saml:AttributeValue xsi:type=\"xs:string\">superuser</saml:AttributeValue>\n\n</saml:Attribute>\n\n<saml:Attribute Name=\"eduPersonAffiliation\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:basic\">\n\n<saml:AttributeValue xsi:type=\"xs:string\">admins</saml:AttributeValue>\n\n</saml:Attribute>\n\n</saml:AttributeStatement>\n\n</saml:Assertion>\n\n</samlp:Response>\n\nWhen Lasso attempted to validate this SAML response, the result would be that the response was valid. When the calling application retrieved the assertion from the above response, the assertion with the User ID (uid) of superuser would be returned and likely assumed as a valid assertion. In addition to the example shown above, if the SAML response itself had a valid signature, this same method of impersonation would be possible. This was the case with EAA's processing of SAML responses. \n\n## Conditions of exploitation\n\nIn order for the SAML response to be modified prior to submission to the SP, one of the following conditions must occur:\n\n * The legitimate client, controlled by a valid authorized user and through which a SAML response is redirected, must alter the SAML response by injecting the additional assertion document as part of the SAML response. For example, this could be via a malicious browser extension or other malware on the client system, sometimes referred to as a \"Man-in-the-Browser attack\".\n * An attacker must obtain a valid copy of a SAML response which is still valid, either by still having time before the assertion expires or, in some applications, the assertion has not yet been presented to the SP. For example, an intermediate party can intercept and modify a SAML response through a proxy, often referred to as a \"Man-in-the-Middle attack\".\n * An unauthorized client either knows or is able to guess the login information of an authorized user. Login information can be collected through many processes, including Phishing, Password Breaches, Guessing, or Brute Force attacks.\n\nEach of the above conditions could result in a user's session becoming compromised, and if the SAML implementation is flawed as stated above, the SP would be vulnerable to an impersonation attack.\n\n### History of the vulnerability\n\nThis same vulnerability, known as XML Signature Wrapping, has been reported [time](<http://shibboleth.net/pipermail/dev/2013-January/001296.html>) and [time](<https://www.nds.ruhr-uni-bochum.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf>) and [time](<https://github.com/onelogin/java-saml/issues/78>) again. \n\nReview of the Lasso repositories indicates that the weakness in the library has been incorporated into the codebase as early as November 2005, well before our incorporation of the library and also before the release of the previous vulnerabilities announced to other platforms.\n\nWe also noticed during the investigation that the maintainers of the Lasso library had made a [commit](<https://git.entrouvert.org/lasso.git/commit/?id=bc5dbd754a25d55f44d1d497a8d9e90ca22bfa09>) to the project shortly after the notice of the issue was sent to Akamai. In discussions with the reporter, this commit was not related at all to their report but was merely coincidental.\n\nThe fix that was proposed on February 24th, 2021 did partially resolve the impact of the exploit, but after further review we determined it was not a complete fix, which is why our patch was ultimately proposed to the maintainers.\n\n## A look at Akamai's incident response\n\nAkamai follows a formal incident response process. Incidents are regularly handled by cooperative effort among engineering/systems development, network operations, and customer support personnel. In general, the more severe the incident, the more people are involved to work on it, and the more it is prioritized over planned operations and work. In all incidents, Akamai's goal is to: \n\n * Limit the impact of the problem, \n * Ensure continued, safe operation of our systems,\n * Ensure the continued, safe and care of our incident responders,\n * Keep customers happy and their data secure,\n * Adhere to various laws and regulations,\n * Ensure that we are able to learn and improve from whatever hazards allowed the incident to occur.\n\nAs we described above, we engaged our incident response process upon notification of this vulnerability. That process allowed Akamai to align technical resources, communicate with internal stakeholders and management, communicate with external stakeholders, and coordinate all activities related to the incident in a timely and effective manner.\n\n### Patching & deployment process\n\nThe process of developing a fix for this vulnerability, and deploying the patch on the EAA network was very similar to the normal process followed for planned upgrades, only with a much smaller change and a much faster timeline.\n\nWithin the first hours of incident response, we prepared a draft timeline for the fix with a few key decisions taken into account. That timeline was, following the fix being ready, the QA process was expected to take 3 days following the standard QA process, and the deployment phase would be 48 hours. Following the deployment phase, we planned the communication of the issue in the form of a blog post and customer notifications. These timelines could have been accelerated, but as there was no evidence of active exploitation, we prioritized the stability of our network and ensured that our customers remained stable through the full process.\n\nAfter the initial triage of the issue, the engineering team approached the fix via two paths, both using different engineering and QA resources. \n\nOne team investigated and developed a partial fix for the issue, closing the reported issue and constraining the requirements on the processing of SAML responses to what we believe is the normal presentation of a SAML response with an assertion. This method may have resulted in some responses from some IdPs being denied even if they were valid and safe. This approach also had the option to disable the more strict checking on a per customer basis to allow the rest of the customer base to be protected in the event of an unexpected interaction with a small number of IdPs.\n\nThe other team took a similar approach to the first team, but rather than a configurable, partial fix, worked on what we believe to be a complete fix. Their approach was scrutinized to ensure that all well-formed and correctly signed SAML responses would be accepted, reducing the complexity required to allow customers to be downgraded.\n\nWe took this concurrent approach because it would allow for one path to be blocked or run into QA challenges while still allowing the deployment of a fix. Late in the day on February 24th, US Eastern time, we expected the partial fix to be ready for QA three days after the incident started, while the full fix was expected to take a week longer to develop. Work continued overnight into the 25th where the progress report from the engineering team showed that the full fix option was progressing well and expected to ultimately be faster to develop and less complex to test.\n\nUltimately the full fix option was handed off to the QA team about a day before the partial fix was. Once the first option was handed over to the QA team, a patch notification to all EAA customers was posted noting the expected deployment timeframe.\n\nThis status remained the same through the QA process. Slightly ahead of the maintenance window, the full fix received QA team signoff, clearing the way for the deployment.\n\nThe deployment process started with a very lightly loaded Point of Presence (POP) upon which we ran an extended regression suite with the traffic being monitored carefully for potential disruption to customers. Another lightly loaded POP was upgraded, with a reduced testing process and a period of monitoring. In the early hours of the day on March 2nd, the POPs serving Akamai's internal EAA deployment were upgraded to allow for more load testing with our nearly 8000 end users. When we saw no issues with any of the deployments up to that time, the rest of the POPs were upgraded over the remaining 36 hours of the maintenance window, ultimately completing the deployment process before the close of the maintenance window. \n\nDuring the upgrade process, most users who were interacting with their EAA applications likely saw one or more re-authentication interactions. These typically consist of a temporary session interruption and a redirect to their IdP in order to enter their credentials before being returned to their normal work. Users of the EAA Client may have also observed this behavior. The re-authentication attempts were clustered by EAA customers during the deployment. Following the code upgrade on each POP, the session cache that EAA maintains was cleared, which would, over a 5 minute window, trigger a re-authentication for all requests. Once re-authenticated, we observed no further impact on the end users.\n\n### Managing the incident team\n\nOne key aspect to developing, verifying and safely deploying the fix to our network for significant issues like this includes a careful focus in caring for the team working on an issue. Akamai's incident management process and the accompanying training include guidance on how to limit burnout for the technical and management teams who respond to an incident. This guidance includes verifying that the incident team:\n\n * Eat (regularly)\n * Sleep (ideally a full 'night' of sleep)\n * Tend to personal obligations\n * Stay healthy (COVID-19 Vaccines, exercise)\n\nWhile remediating the incident at hand is critical, we find that keeping up with team care during the whole process aids in reaching a safer destiny for the impacted product and/or system, while also reducing the number of avoidable errors, and potentially customer impacting events often associated with high stress incident response.\n\nAnother key aspect of Akamai's incident management process is the principle that we're all in this together, and we're not going to blame anyone now or in the future. The incident team works together to solve the issue, whatever it may be in the best way we can, focusing on reducing impact first, then figuring out how to prevent it from happening again. Akamai focuses on finding the assumptions which led to an incident, learning from those incomplete assumptions, and making the appropriate modifications to reduce the chances of that or similar events happening again.\n\n## Actions required\n\nSystem owners who rely on Lasso for their SAML authentication should patch as soon as possible. Additional actions may be required to investigate the impact on the authenticated systems. Further information on what actions may be required can be found in the Actions Required section of the [companion post](<https://blogs.akamai.com/2021/06/saml-implementation-vulnerability-impacting-some-akamai-services.html>) to this writeup.\n\n## Timeline\n\nTimestamp (All UTC)\n\n| \n\nActivity \n \n---|--- \n \n2230 - 23 Feb 2021\n\n| \n\nExternal vulnerability report sent to Akamai's Information Security Group \n \n1222 - 24 Feb 2021\n\n| \n\nAkamai's Information Security Team decrypted the report and began investigation of the issue \n \n1242 - 24 Feb 2021\n\n| \n\nResponders initiated the Akamai Incident Management Process, gathering the necessary parties to investigate and fix the issue. \n \n2000 - 24 Feb 2021\n\n| \n\nThe issue was successfully recreated by the engineering team. \n \n0132 - 27 Feb 2021\n\n| \n\nPatching notification posted to Akamai Control Center \n \n1500 - 1 Mar 2021\n\n| \n\nFirst contact with the maintainer of Lasso \n \n0100 - 2 Mar 2021\n\n| \n\nDeployment of fix begins \n \n1126 - 2 Mar 2021\n\n| \n\nAkamai's production service was upgraded to conduct rigorous testing of the upgrade \n \n2134 - 2 Mar 2021\n\n| \n\nResearchers confirmed that their exploit was not possible on the patched systems. \n \n2336 - 4 Mar 2021\n\n| \n\nDeployment of fix complete \n \n1646 - 8 Mar 2021\n\n| \n\nCVE ID CVE-2021-28091 Reserved \n \n1747 - 8 Mar 2021\n\n| \n\nInitial contact with CERT/CC to report the vulnerability. \n \n1200 - 1 Jun 2021\n\n| \n\nEmbargo Completed \n \n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-06-01T13:00:30", "type": "akamaiblog", "title": "Akamai EAA Impersonation Vulnerability - A Deep Dive", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28091"], "modified": "2021-06-01T12:27:44", "id": "AKAMAIBLOG:5018B9E2A5B1EEF201EB8F54A9EACE54", "href": "http://feedproxy.google.com/~r/TheAkamaiBlog/~3/977f0vsTM70/akamai-eaa-impersonation-vulnerability---a-deep-dive.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-06-11T08:38:38", "description": "Part of Akamai's incident management process for vulnerabilities in third party software involves verifying potential impact in other systems using the same or similar libraries. While following that process when addressing the SAML impersonation vulnerability, [CVE-2021-28091](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28091>), which impacted Akamai's Enterprise Application Access (EAA) platform, incident responders assessed the impact on other Akamai software including the code maintained by Inverse, who Akamai recently acquired.\n\nDuring the impact review of Inverse, we determined that the [SOGo](<https://www.sogo.nu>) and [PacketFence](<https://www.packetfence.org>) packages use the vulnerable [Lasso](<https://lasso.entrouvert.org>) library and were impacted. SOGo and PacketFence are both open source packages which offer paid support contracts. Both packages use the Lasso library to integrate with SAML Identity Providers (IdPs), and thus were vulnerable to [CVE-2021-28091](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28091>) when SAML was used to authenticate users. The SOGo package both used the vulnerable Lasso library and had its own vulnerability related to the way it used the Lasso library, which has been assigned the CVE ID [CVE-2021-33054](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33054>). In both cases, only deployments which use SAML to authenticate its users were impacted by these vulnerabilities. We explain the impact and actions required for each package below.\n\n## PacketFence impact\n\nThe PacketFence package uses Lasso to parse SAML responses when SAML is used to authenticate users on its captive portal. The vulnerability in the Lasso library potentially allowed actors with access to a well-formed SAML response for an organization--typically, authenticated users but potentially compromised endpoints or malicious proxies--to modify their identity and impersonate another user within the same organization. \n\n## PacketFence actions required\n\nAkamai recommends that administrators of PacketFence deployments update their versions of Lasso to version 2.7.0 or later, which is available on the Lasso project page. This should be available shortly, if not already, from the major Linux package managers as well. After patching, the PacketFence process would need to be restarted to ensure that the update is completed.\n\nFor deployments of PacketFence which use SAML to authenticate users, Akamai recommends the following actions after updating the Lasso dependency:\n\n 1. Removing all existing authorizations for all devices which have been authenticated using SAML, triggering re-authentication of all devices.\n 2. Review PacketFence's access configurations to assess if an impersonated user would have allowed additional access to resources on your network beyond what the legitimate user would have been able to access.\n 3. For cases where there may be unauthorized access, review those applications further. Review of access logs or other related information may help identify potentially unexpected changes.\n\n## SOGo impact\n\nThe SOGo package uses Lasso to parse SAML responses when SAML is used to authenticate end users to its services. In reviewing SOGo's source code, Akamai identified an additional vulnerability which has been assigned the CVE ID [CVE-2021-33054](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33054>). As with PacketFence, this vulnerability is related to authenticating users, but after the investigation, we determined that SOGo was not validating the signatures of any SAML assertions it received. This means any actor with network access to the deployment could impersonate users when SAML was the authentication method. This vulnerability was introduced on April 5th, 2013 when [this commit](<https://github.com/inverse-inc/sogo/commit/5487f34b9ee9b9639e3f1d4a7abf4fad2d240d66>) was made, disabling verification of SAML responses. This vulnerability was fixed in [this commit](<https://github.com/inverse-inc/sogo/commit/e53636564680ac0df11ec898304bc442908ba746>) and a new release of the SOGo package, version v5.1.1 has been released including this fix. For users still on the v2 release of SOGo, v2.4.1 was also released which includes a fix for this vulnerability.\n\n## SOGo actions required\n\nAkamai recommends that administrators of SOGo deployments update SOGo to version 2.4.1 or version 5.1.1 or later and to update the Lasso library to version 2.7.0 or later. The fix to SOGo has been pushed to the SOGo repository in GitHub. Updated versions of Lasso should be available in most major Linux package managers, if not already available, in the next day or so as well. It is imperative that both updates are completed in order to fix the SOGo specific vulnerability and the vulnerability in Lasso for deployments using SAML. After patching, the SOGo process would need to be restarted to ensure that the update is completed.\n\nFor deployments of SOGo which use SAML to authenticate users, Akamai recommends the following actions after updating SOGo and the Lasso library:\n\n 1. Invalidate all current user sessions to the service. Instructions on how to do this can be found [here](<https://www.sogo.nu/support/faq/how-to-invalidate-all-users-sessions.html#/faq>).\n 2. Administrators should review their access logs for potentially inconsistent accesses to their SOGo deployments which may be indicative of impersonated access. Impersonated access would not be directly visible in the application logs as conditions that would indicate exploitation of this vulnerability were not logged.\n\n## Additional notes\n\nBecause these vulnerabilities are directly linked to the Lasso-related [EAA vulnerability](<https://blogs.akamai.com/2021/06/saml-implementation-vulnerability-impacting-some-akamai-services.html>), Akamai included the impact to SoGo and PacketFence in the embargoed disclosure statement. While a partial fix to the SOGo package would have been possible prior to the publication date, publishing the partial SOGo fix may have resulted in extra scrutiny of the Lasso library. This could have accelerated the responsible disclosure timeline, endangering the patching of other impacted parties.\n\nFor a detailed overview of the Lasso vulnerability, we have posted the vulnerability details in a [companion blog post](<https://blogs.akamai.com/2021/06/akamai-eaa-impersonation-vulnerability---a-deep-dive.html>).\n\nSOGo and PacketFence users with support contracts who have questions about the fixes should contact Inverse's support team through the [web portal](<https://www.inverse.ca/mantis/>) or their support phone number.\n\n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-06-01T13:00:45", "type": "akamaiblog", "title": "SOGo and PacketFence Impacted by SAML Implementation Vulnerabilities", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28091", "CVE-2021-33054"], "modified": "2021-06-01T12:58:51", "id": "AKAMAIBLOG:50608CFD3F934F1EF6419BBE9A8D3267", "href": "http://feedproxy.google.com/~r/TheAkamaiBlog/~3/DrpZ4hYgTms/sogo-and-packetfence-impacted-by-saml-implementation-vulnerabilities.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-06-11T08:38:38", "description": "This blog post provides an overview of a vulnerability discovered in Akamai's Enterprise Application Access (EAA) product which has been patched. This vulnerability could have allowed an actor to impersonate an authorized user when interacting with an application that used Security Assertion Markup Language Version 2 (SAMLv2, referred to as SAML in this document) to authenticate users. \n\nFollowing the initial notification from a third party, Akamai engineers identified that the vulnerability was in [Lasso](<https://lasso.entrouvert.org/>), a third-party, open source library which implements the SAML v2.0 authentication protocol. Lasso is the library that Akamai EAA uses to verify SAML assertions for applications when a customer configures SAML authentication with third-party identity provider(s) (IdPs). Further investigation of the Lasso library determined that the weakness had a wider impact on other software which has Lasso as a dependency. \n\nA comprehensive fix was deployed to the EAA network as of March 4th, 2021. No updates were required for the EAA connector appliances or the EAA Client. Akamai has determined that the [SOGo](<https://www.sogo.nu/>) and [PacketFence](<https://www.packetfence.org/>) packages maintained by Inverse, a company recently acquired by Akamai, also depend on Lasso for deployments using SAML for authentication. The SOGo package was also subject to another independent but related vulnerability, [CVE-2021-33054](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33054>). Information about the impact on SOGo and PacketFence may be found [here](<https://blogs.akamai.com/2021/06/sogo-and-packetfence-impacted-by-saml-implementation-vulnerabilities.html>). We have verified that all other external facing applications provided by Akamai, including Akamai Control Center, are not vulnerable to this attack vector. \n\nThe Lasso vulnerability has been assigned the CVE ID [CVE-2021-28091](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28091>). Due to the severity of this vulnerability, Akamai is urging all EAA customers who make use of the third-party SAML authentication feature of EAA for their applications to review their systems for potential past impersonation attacks by an internal actor. Akamai is also urging all users of the Lasso library or software that depends on Lasso to review [their announcement](<https://git.entrouvert.org/lasso.git/tree/NEWS?id=v2.7.0>) and patch as soon as possible and to review their applications for impersonated access. The fix is available in Lasso 2.7.0. Suggestions on how to conduct an investigation into potentially affected systems are listed in the Actions Required section below. \n\nDetailed information about the vulnerability is documented in a [companion technical blog](<https://blogs.akamai.com/2021/06/akamai-eaa-impersonation-vulnerability---a-deep-dive.html>) covering the in-depth technical details as well as the discovery, triage, patching, and notification processes for this vulnerability.\n\nAs part of the fix, Akamai added logging for incorrectly signed SAML responses. At the time of publication, all cases of incorrectly signed SAML responses logged on the EAA platform were not indications of compromise, but related to configurations being set up, where failures are expected, and tests to verify that the vulnerability had been fixed.\n\n## A brief explanation of the vulnerability\n\nThis vulnerability would have been triggered when a SAML response was provided to a SAML Service Provider (SP) which had an additional, unsigned assertion appended to the end of the SAML response body. This behavior was possible when an actor injected an unsigned, but otherwise well-formed, assertion for another user at the end of the SAML response document.\n\nThis vulnerability potentially allowed actors with access to a well-formed SAML response for an organization--typically authenticated users, but potentially compromised endpoints or malicious proxies--to modify their identity and impersonate another user within the same organization. The SAML response, or its individual assertions, could be signed, but the portion of the SAML response inserted by the attacker need not have been signed for the attack to succeed. To exploit this issue, the attacker would need to have had a valid credential for an Identity Provider(s) (IdP) or have obtained the credentials to authenticate as a valid user. We categorize the potential impact in four ways - enabling impersonated network access -- both unauthenticated and authenticated -- impersonated application access, and an alternative Lasso dependency for applications that rely on the Lasso library - as discussed below. \n\n## Vulnerability impact\n\nThe following three impact categories apply to Akamai EAA:\n\n * For EAA configurations where SAML was used to authenticate to Akamai for an access decision for a given application, unauthorized users could have reached the applications over the network, including bypassing application Access Control Lists (ACLs) or other access controls. This is functionally equivalent to the imposter being able to reach the target system on the local area network, which will be referred to as impersonated network access for this report. The risks associated with impersonated network access depend on the type of applications being accessed: \n\n * (1) Unauthenticated Applications: the risks associated are the same as any application where end users have full access by virtue of being on the same local area network. \n\n * (2) Authenticated Applications: the risks for this type of application are inherently lower by virtue of the application implementing its own authentication.\n\n * For EAA configurations which extend credentials to the application itself, through the use of Application-facing Authentication Mechanisms such as Kerberos constrained delegation, Header Authentication, or OpenID Connect, the application session user could impersonate a different user, which will be referred to as (3) impersonated application access for this report.\n\nFor applications which fall into the categories above, only those that use SAML for communication with a third party IdP which provides assertions to Akamai were vulnerable. EAA Applications using other authentication mechanisms like OpenID Connect (OIDC) or OAuth to communicate with third-party IDPs do not use the vulnerable section of Lasso. Additionally, Application configurations using the Akamai IDP feature were not vulnerable to this weakness. Further details about the vulnerability in the library will be discussed in our [companion blog](<https://blogs.akamai.com/2021/06/akamai-eaa-impersonation-vulnerability---a-deep-dive.html>).\n\nReview of our software indicated that this vulnerability has been present in the EAA service since the version 1.0 release in Q1 2014. Investigators should assume that the vulnerability has been present from the time third-party SAML support was added in the Customer's configuration until the 5th of March, 2021 when the patching of the EAA network was complete. \n\nThe final category of exposure applies to entities using the Lasso library. Most applications that rely on the Lasso library for SAML authentication may be subject to this user impersonation vulnerability. This will be referred to as (4) alternative Lasso dependency for this report.\n\n## Identification, patching and disclosure timeline\n\nIn the evening of Tuesday, February 23rd, 2021, Akamai received a notification of this issue from an engineer in Best Buy's Enterprise Information Protection team. Shortly after receiving the notification, Akamai's Information Security team reviewed the report and started our Incident Management process. Between the start of the incident and the customer patch notification early on February 27th, 2021 UTC, Akamai engineers recreated the issue in the report, implemented the fix, and began to investigate customer impact. Akamai published its customer notification about the patch shortly after 1 AM UTC, about an hour after the fix was handed off to our QA team. Our QA team then began the work of verifying the fix and ensuring the stability of the new release ahead of the scheduled rollout. The rollout started on March 2nd and was completed on March 4th.\n\nDuring the investigation and fix stages of the response, we determined that the vulnerability in our platform was related to the Lasso library. Further investigation of the Lasso library determined that the weakness may have a wider impact on other software which has Lasso as a dependency. While working to patch the vulnerability on our network, Akamai's engineers and Akamai's Information Security team started the process to responsibly disclose the issue to the maintainers of the library and other verified users of Lasso. \n\nTo limit the impact to other users of the library, Akamai restricted its distribution of information related to the vulnerability to those involved with patching and coordinated vulnerability disclosure. The restrictions we applied are in line with industry standard responsible disclosure procedures and are intended to reduce the likelihood of further exploitation of the vulnerability.\n\nDuring the time between our patch being fully deployed and this report being published, Akamai worked collaboratively with the Lasso maintainers, downstream consumers of Lasso, and CERT/CC to patch and coordinate the disclosure of this issue to as many impacted parties as reasonable in a safe and timely manner.\n\n## Actions required\n\nAs a result of the impact stated above, we recommend the following actions be taken based on the impact categories listed above. \n\nFor current or former customers, including those with current or former trial deployments, who have at any point used a third-party SAML IdP to authenticate with EAA, the following actions should be taken based on the impact categories:\n\n * Impersonated Network Access for Unauthenticated Applications: Users who are impersonating another user for systems that do not require authentication may have been the target of exploits that attempted to exfiltrate or modify data, system processes or application functionality. Responding to these applications should be treated the same way as if an attacker with access to a valid user credential had direct local area network access to the application in question. If group restrictions or any other user restriction controls were in place for the Application in the EAA portal, the restrictions should be reviewed considering what actions users who violated that control may have been able to take or what security goals were being implemented with that control.\n\n * Impersonated Network Access for Authenticated Applications: much like the prior category, this method would allow for one user to impersonate another user at the network connection level, but by the nature of the application implementing its own access control and authorization outside the EAA system, these applications may require less scrutiny. Barring additional vulnerabilities or weaknesses in the applications own authentication and authorization system, direct network access would not inherently imply that one user could impersonate another. Consideration should be given to these applications as to their potential categorization as having an alternative Lasso dependency (discussed below).\n\n * Impersonated Application Access: Applications in this category should be more carefully scrutinized due to the nature of the vulnerability described in this report. This category may be present in two forms. \n\n * The Application-facing Authentication Mechanisms will forward the improperly verified, impersonated user identity on to the origin application, allowing the actor to take any actions within the target application as if they were the impersonated user. This applies to Web applications that do not implement their own authentication system but rely on the identity assertion from the EAA platform.\n\n * The Remote Desktop Protocol (RDP) Auto-login feature for RDP applications which relies on administrator-provided credentials to access the origin RDP server. When user access to an RDP application is restricted by group membership, one user may impersonate another user in the allowed group, making use of the provided credentials, thus accessing the RDP service as if they were the impersonated user.\n\nAdministrators of the origin system should closely scrutinize those systems to rule out any unexpected software or configurations which may have been installed by an attacker, including malware, rootkits, or kernel extensions. Administrators should also consider if these applications could have allowed someone to pivot to additional access beyond their regular authorization. For persistent, long-lived sessions, administrators should consider terminating all such long-lived connections which started before March 5th, 2021. Additionally, for applications that manage user accounts, access control lists, authorization tokens, security infrastructure, or any other sensitive/high-value systems, administrators should take special care to review and verify that no unexpected changes were made.\n\nFor any developers, maintainers, or administrators of software that uses the Lasso library, due to the alternative Lasso dependency category listed above, Akamai recommends that you upgrade to the 2.7.0 release Lasso as soon as possible. Like in the above categories, system administrators should review actions of end users for anomalous usage patterns as impersonation attempts are unlikely to be logged. For software packages that depend on Lasso, monitor for patching notifications if the package has an established distribution channel. Updated Debian, Ubuntu and RedHat packages are expected to be released within hours of this post, if not before this report's publication.\n\n## Examples of how the vulnerability can be exploited\n\n### Impersonated network access of unauthenticated applications\n\nUsing EAA to access unauthenticated applications means that EAA is acting as an authenticator and authorizer to gain access to those applications and not proxying any authentication information to them. If an environment makes use of EAA to allow or deny access to unauthenticated applications, those internal applications would have no way of knowing that the user being presented to them is impersonated. \n\nIn this scenario, administrators would need to consider the impact of having users not authorized to access the application being able to connect to the application. For example, if the application processed only public information, the impact would be low, whereas if the application processed sensitive or regulated data, the impact could be potentially high. \n\nAlso, administrators of the application would need to analyze their application level logs for activity that may indicate an account was impersonated. Log analysis may show examples of user activity that did not conform to general, regular usage patterns, such as accessing the application at unusual times or accessing data or processes in the application that the user would not usually access. \n\n### Impersonated network access of authenticated applications\n\nWhen using EAA to access applications that provide their own authentication, the risk this vulnerability may have placed on that application is lower than compared to that of unauthenticated applications. Successful impersonation of the EAA session would not affect authentication performed by the application. \n\nLog analysis may show examples where someone authenticates as one user over EAA and as another user within the application. This analysis would give administrators hints as to whether or not someone had attempted to exploit the vulnerability to gain unauthorized access.\n\nAdministrators of applications in this category should review if the authentications done by the application itself made use of Lasso and thus were potentially in the alternate lasso dependency category as well.\n\n### Impersonated application access\n\nWhen EAA passes the identity used for the EAA session to an application, the application assumes that the identity has been validated. Should an application session be created using an impersonated user, the application would assume the impersonated user is the true user. Successful impersonation could occur in this case when Kerberos constrained delegation, Header Authentication, or OpenID Connect (OIDC) were used when forwarding identity information to your application.\n\nIn the case of the RDP Application Auto-login feature, the actor who impersonates another user would be able to access the RDP service as if they were the impersonated user, using the administrator-provided credential to connect to the origin service. While the administrator-provided credential would not be exposed to the actor, access to the system would be granted as if the impersonated user were taking the action.\n\nAs with other cases, log analysis could help administrators find sessions that were behaving unusually based on the timing and nature of the activity.\n\n### Alternate Lasso dependency\n\nBeyond any dependency on Lasso by EAA, any application that makes use of Lasso is likely affected by this vulnerability. Developers should review their code bases to understand if their applications make use of the Lasso library, and, if so, they should update the library or mitigate its impact as soon as possible. If you rely on an application which has Lasso as a dependency, monitoring that application for updates is suggested, allowing administrators to patch as soon as they are able. This vulnerability has been fixed in Lasso version 2.7.0.\n\n## Logging and forensics\n\nAs stated in the impact section above, the scope of the actions required is quite broad, this is informed by multiple factors:\n\n * The potential window of exposure for this vulnerability spans back to at least 2016, if not further.\n\n * The EAA platform only archives configurations for a period of 90 days after the configurations are deleted or superseded. Thus, Akamai is unable to determine if an EAA application configuration met the conditions for vulnerability for configurations that were deactivated more than 90 days ago.\n\n * The authentication component in EAA did not have sufficient logging to detect if this vulnerability was being exploited. During our testing of this vulnerability, Akamai made multiple attempts to explore the available logging information to determine if exploitation was identifiable, but the information logged could not confirm or rule out potential exploitation of this vulnerability. To limit the potential exposure of end user authentication tokens, and to preserve the secrecy and privacy of customer authentication tokens, Akamai also does not log the SAML assertions which we validate. \n\nIn response to this fix, new logging has been added to the EAA platform to detect malformed authentication attempts, which is how this attack would appear to EAA following the patch. At the time of publication, all fraudulent authentication attempts were attributed to post deployment regression testing,verification by the reporting party that the issue had been resolved, third-party IdPs with expired certificates and IdPs which were not configured correctly.\n\n## Acknowledgments\n\nWe would like to thank:\n\n * Best Buy, their Enterprise Information Protection team and Sam Tinklenberg for reporting the user impersonation vulnerability in EAA to us. \n\n * Entr'ouvert, the maintainers of the Lasso library for their assistance in patching and disclosing this vulnerability as well as for their continued maintenance of the library.\n\n * CERT/CC for helping us to disclose both of these vulnerabilities, as well as the entities that were contacted to quickly respond to this issue for their efforts.\n\n## Additional information\n\nWe encourage anyone with further questions to review our [companion post](<https://blogs.akamai.com/2021/06/akamai-eaa-impersonation-vulnerability---a-deep-dive.html>), for EAA Customers who have additional questions, please contact Akamai Technical support.\n\n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-06-01T13:00:00", "type": "akamaiblog", "title": "SAML Implementation Vulnerability Impacting Some Akamai Services", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28091", "CVE-2021-33054"], "modified": "2021-06-01T12:56:04", "id": "AKAMAIBLOG:1B1C75F5CA08CED3E866D93E3728687E", "href": "http://feedproxy.google.com/~r/TheAkamaiBlog/~3/QMdiRYMs1Yo/saml-implementation-vulnerability-impacting-some-akamai-services.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "oraclelinux": [{"lastseen": "2021-11-16T22:30:52", "description": "[2.6.0-12]\n- Fix a dead code issue in the signature wrapping patch\n- Resolves: rhbz#1951653 - CVE-2021-28091 lasso: XML signature wrapping\n vulnerability when parsing SAML responses [rhel-8]\n[2.6.0-11]\n- Bump release to force the package through OSCI as the previous\n build reached CI just in time for an outage\n- Related: rhbz#1888195 - [RFE] release (built) python3-lasso pkg (comingfrom lasso)\n[2.6.0-10]\n- Resolves: rhbz#1951653 - CVE-2021-28091 lasso: XML signature wrapping\n vulnerability when parsing SAML responses [rhel-8]\n[2.6.0-9]\n- Resolves: rhbz#1888195 - [RFE] release (built) python3-lasso pkg (coming\n from lasso)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-11-16T00:00:00", "type": "oraclelinux", "title": "lasso security and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28091"], "modified": "2021-11-16T00:00:00", "id": "ELSA-2021-4325", "href": "http://linux.oracle.com/errata/ELSA-2021-4325.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-02T20:24:40", "description": "[2.5.1-8]\n- Fix Coverity warning introduced by the previous patch\n- Related: #1963855 - CVE-2021-28091 lasso: XML signature wrapping\n vulnerability when parsing SAML responses\n[2.5.1-7]\n- Fix Coverity warning introduced by the previous patch\n- Related: #1963855 - CVE-2021-28091 lasso: XML signature wrapping\n vulnerability when parsing SAML responses\n[2.5.1-6]\n- Resolves: #1963855 - CVE-2021-28091 lasso: XML signature wrapping\n vulnerability when parsing SAML responses", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-08-02T00:00:00", "type": "oraclelinux", "title": "lasso security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28091"], "modified": "2021-08-02T00:00:00", "id": "ELSA-2021-2989", "href": "http://linux.oracle.com/errata/ELSA-2021-2989.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:30", "description": "\n\nentrouvert reports:\n\nWhen AuthnResponse messages are not signed (which is\n permitted by the specifiation), all assertion's signatures should be\n checked, but currently after the first signed assertion is checked all\n following assertions are accepted without checking their signature, and\n the last one is considered the main assertion.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-06-01T00:00:00", "type": "freebsd", "title": "lasso -- signature checking failure", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28091"], "modified": "2021-06-01T00:00:00", "id": "417DE1E6-C31B-11EB-9633-B42E99A1B9C3", "href": "https://vuxml.freebsd.org/freebsd/417de1e6-c31b-11eb-9633-b42e99a1b9c3.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "redhatcve": [{"lastseen": "2022-06-08T11:08:12", "description": "An XML Signature Wrapping (XSW) vulnerability was found in Lasso. This flaw allows an attacker to modify a valid SAML response to include an unsigned SAML assertion, which may be used to impersonate another valid user recognized by the service using Lasso. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-06-01T14:19:14", "type": "redhatcve", "title": "CVE-2021-28091", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28091"], "modified": "2022-06-08T08:44:17", "id": "RH:CVE-2021-28091", "href": "https://access.redhat.com/security/cve/cve-2021-28091", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "suse": [{"lastseen": "2022-06-26T22:02:56", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for lasso fixes the following issues:\n\n - CVE-2021-28091: Fixed XML signature wrapping vulnerability when parsing\n SAML responses (boo#1186768)\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-1057=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-20T00:00:00", "type": "suse", "title": "Security update for lasso (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28091"], "modified": "2021-07-20T00:00:00", "id": "OPENSUSE-SU-2021:1057-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NVAZRUCJGDCHRY6W5ARRO5NRB27JQCR6/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}]}
[SECURITY] Fedora 34 Update: lasso-2.7.0-1.fc34
