Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-1273.NASL
HistoryFeb 09, 2018 - 12:00 a.m.

Debian DLA-1273-1 : simplesamlphp security update

2018-02-0900:00:00
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
JSON

simplesamlphp, an authentication and federation application has been found vulnerable to Cross Site Scripting (XSS), signature validation byepass and using insecure connection charset.

CVE-2017-18121

A Cross Site Scripting (XSS) issue has been found in the consentAdmin module of SimpleSAMLphp through 1.14.15, allowing an attacker to manually craft links that a victim can open, executing arbitrary JavaScript code.

CVE-2017-18122

A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP.

CVE-2018-6521

The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions.

For Debian 7 ‘Wheezy’, these problems have been fixed in version 1.9.2-1+deb7u2.

We recommend that you upgrade your simplesamlphp packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-1273-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(106697);
  script_version("3.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2017-18121", "CVE-2017-18122", "CVE-2018-6521");

  script_name(english:"Debian DLA-1273-1 : simplesamlphp security update");
  script_summary(english:"Checks dpkg output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"simplesamlphp, an authentication and federation application has been
found vulnerable to Cross Site Scripting (XSS), signature validation
byepass and using insecure connection charset.

CVE-2017-18121

A Cross Site Scripting (XSS) issue has been found in the consentAdmin
module of SimpleSAMLphp through 1.14.15, allowing an attacker to
manually craft links that a victim can open, executing arbitrary
JavaScript code.

CVE-2017-18122

A signature-validation bypass issue was discovered in SimpleSAMLphp
through 1.14.16. Service Provider using SAML 1.1 will regard as valid
any unsigned SAML response containing more than one signed assertion,
provided that the signature of at least one of the assertions is
valid. Attributes contained in all the assertions received will be
merged and the entityID of the first assertion received will be used,
allowing an attacker to impersonate any user of any IdP given an
assertion signed by the targeted IdP.

CVE-2018-6521

The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL
utf8 charset, which truncates queries upon encountering four-byte
characters. There might be a scenario in which this allows remote
attackers to bypass intended access restrictions.

For Debian 7 'Wheezy', these problems have been fixed in version
1.9.2-1+deb7u2.

We recommend that you upgrade your simplesamlphp packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2018/02/msg00008.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/simplesamlphp"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Upgrade the affected simplesamlphp package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:simplesamlphp");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/02/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/09");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"7.0", prefix:"simplesamlphp", reference:"1.9.2-1+deb7u2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxsimplesamlphpp-cpe:/a:debian:debian_linux:simplesamlphp
debiandebian_linux7.0cpe:/o:debian:debian_linux:7.0

Related

openvas 2
osv 8
debian 3
veracode 2
cve 3
github 3
nessus 1
prion 3
debiancve 3
ubuntucve 3
openvas
openvas
Debian: Security Advisory (DLA-1273-1)
2018-02-20 00:00:00
Debian: Security Advisory (DSA-4127-1)
2018-03-01 00:00:00
osv
osv
simplesamlphp - security update
2018-02-09 00:00:00
SimpleSAMLphp Signature validation bypass
2022-05-14 01:04:08
simplesamlphp - security update
2018-03-02 00:00:00
debian
debian
[SECURITY] [DLA 1273-1] simplesamlphp security update
2018-02-09 03:11:36
[SECURITY] [DSA 4127-1] simplesamlphp security update
2018-03-02 06:15:39
[SECURITY] [DSA 4127-1] simplesamlphp security update
2018-03-02 06:15:39
veracode
veracode
Authentication Bypass
2018-07-18 06:12:04
Cross-site Scripting (XSS)
2018-05-25 06:37:11
cve
cve
CVE-2017-18121
2018-02-02 15:29:00
CVE-2017-18122
2018-02-02 15:29:00
CVE-2018-6521
2018-02-02 01:29:00
github
github
SimpleSAMLphp Signature validation bypass
2022-05-14 01:04:08
SimpleSAMLphp XSS Vulnerability
2022-05-14 01:04:10
SimpleSAMLphp Use of insecure connection charset (sqlauth module)
2022-05-13 01:53:07
nessus
nessus
Debian DSA-4127-1 : simplesamlphp - security update
2018-03-05 00:00:00
prion
prion
Input validation
2018-02-02 15:29:00
Cross site scripting
2018-02-02 15:29:00
Design/Logic Flaw
2018-02-02 01:29:00
debiancve
debiancve
CVE-2017-18121
2018-02-02 15:29:00
CVE-2017-18122
2018-02-02 15:29:00
CVE-2018-6521
2018-02-02 01:29:00
ubuntucve
ubuntucve
CVE-2017-18122
2018-02-02 00:00:00
CVE-2017-18121
2018-02-02 00:00:00
CVE-2018-6521
2018-02-02 00:00:00
JSON
Related for DEBIAN_DLA-1273.NASL
openvas2osv8debian3veracode2cve3github3nessus1prion3debiancve3ubuntucve3