Search...

Shibboleth Service Provider Multiple XSS Vulnerabilities (Windows)

2009-11-13T00:00:00

ID OPENVAS:1361412562310801148
Type openvas
Reporter Copyright (C) 2009 Greenbone Networks GmbH
Modified 2019-04-29T00:00:00

Description

The host has Shibboleth Service Provider installed and is prone to multiple Cross-Site Scripting vulnerabilities.

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
#
# Shibboleth Service Provider Multiple XSS Vulnerabilities (Windows)
#
# Authors:
# Sharath S &lt;sharaths@secpod.com&gt;
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.801148");
  script_version("2019-04-29T15:08:03+0000");
  script_tag(name:"last_modification", value:"2019-04-29 15:08:03 +0000 (Mon, 29 Apr 2019)");
  script_tag(name:"creation_date", value:"2009-11-13 15:48:12 +0100 (Fri, 13 Nov 2009)");
  script_tag(name:"cvss_base", value:"2.6");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:N/C:N/I:P/A:N");
  script_cve_id("CVE-2009-3300");
  script_name("Shibboleth Service Provider Multiple XSS Vulnerabilities (Windows)");
  script_xref(name:"URL", value:"http://secunia.com/advisories/37237/");
  script_xref(name:"URL", value:"http://xforce.iss.net/xforce/xfdb/54140");
  script_xref(name:"URL", value:"http://shibboleth.internet2.edu/secadv/secadv_20091104.txt");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
  script_family("Web application abuses");
  script_dependencies("gb_shibboleth_sp_detect_win.nasl");
  script_mandatory_keys("Shibboleth/SP/Win/Ver");
  script_tag(name:"impact", value:"Successful exploitation could allow remote attackers to inject arbitrary web
  script or HTML via URLs that are encountered in redirections, and appear in
  automatically generated forms.");
  script_tag(name:"affected", value:"Shibboleth Service Provider version 1.3.x before 1.3.5 and 2.x before 2.3
  on Windows.");
  script_tag(name:"insight", value:"The flaws are due to an error within the sanitation of certain URLs.
  This can be exploited to insert arbitrary HTML and script code, which will
  be executed in a user's browser session in the context of an affected site
  when malicious data is viewed.");
  script_tag(name:"solution", value:"Upgrade Shibboleth Service Provider version 1.3.5 or 2.3 or later.");
  script_tag(name:"summary", value:"The host has Shibboleth Service Provider installed and is prone to
  multiple Cross-Site Scripting vulnerabilities.");
  script_tag(name:"qod_type", value:"registry");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}

include("version_func.inc");

shibVer = get_kb_item("Shibboleth/SP/Win/Ver");
if(!shibVer)
  exit(0);

if(version_in_range(version:shibVer, test_version:"1.3", test_version2:"1.3.4")||
   version_in_range(version:shibVer, test_version:"2.0", test_version2:"2.2")){
  security_message(port:0);
}

JSON Vulners Source

Initial Source

{"id": "OPENVAS:1361412562310801148", "type": "openvas", "bulletinFamily": "scanner", "title": "Shibboleth Service Provider Multiple XSS Vulnerabilities (Windows)", "description": "The host has Shibboleth Service Provider installed and is prone to\n multiple Cross-Site Scripting vulnerabilities.", "published": "2009-11-13T00:00:00", "modified": "2019-04-29T00:00:00", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801148", "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "references": ["http://xforce.iss.net/xforce/xfdb/54140", "http://secunia.com/advisories/37237/", "http://shibboleth.internet2.edu/secadv/secadv_20091104.txt"], "cvelist": ["CVE-2009-3300"], "lastseen": "2019-05-29T18:40:23", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-3300"]}, {"type": "openvas", "idList": ["OPENVAS:66514", "OPENVAS:801148", "OPENVAS:136141256231066514"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1947-1:859D4", "DEBIAN:A7F1AD21A846A633B2D939FC737D1788:D0D4D"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1947.NASL"]}], "modified": "2019-05-29T18:40:23", "rev": 2}, "score": {"value": 5.2, "vector": "NONE", "modified": "2019-05-29T18:40:23", "rev": 2}, "vulnersScore": 5.2}, "pluginID": "1361412562310801148", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Shibboleth Service Provider Multiple XSS Vulnerabilities (Windows)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801148\");\n script_version(\"2019-04-29T15:08:03+0000\");\n script_tag(name:\"last_modification\", value:\"2019-04-29 15:08:03 +0000 (Mon, 29 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2009-11-13 15:48:12 +0100 (Fri, 13 Nov 2009)\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2009-3300\");\n script_name(\"Shibboleth Service Provider Multiple XSS Vulnerabilities (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/37237/\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/54140\");\n script_xref(name:\"URL\", value:\"http://shibboleth.internet2.edu/secadv/secadv_20091104.txt\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_shibboleth_sp_detect_win.nasl\");\n script_mandatory_keys(\"Shibboleth/SP/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow remote attackers to inject arbitrary web\n script or HTML via URLs that are encountered in redirections, and appear in\n automatically generated forms.\");\n script_tag(name:\"affected\", value:\"Shibboleth Service Provider version 1.3.x before 1.3.5 and 2.x before 2.3\n on Windows.\");\n script_tag(name:\"insight\", value:\"The flaws are due to an error within the sanitation of certain URLs.\n This can be exploited to insert arbitrary HTML and script code, which will\n be executed in a user's browser session in the context of an affected site\n when malicious data is viewed.\");\n script_tag(name:\"solution\", value:\"Upgrade Shibboleth Service Provider version 1.3.5 or 2.3 or later.\");\n script_tag(name:\"summary\", value:\"The host has Shibboleth Service Provider installed and is prone to\n multiple Cross-Site Scripting vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nshibVer = get_kb_item(\"Shibboleth/SP/Win/Ver\");\nif(!shibVer)\n exit(0);\n\nif(version_in_range(version:shibVer, test_version:\"1.3\", test_version2:\"1.3.4\")||\n version_in_range(version:shibVer, test_version:\"2.0\", test_version2:\"2.2\")){\n security_message(port:0);\n}\n", "naslFamily": "Web application abuses"}

{"cve": [{"lastseen": "2021-02-02T05:40:05", "description": "Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via URLs that are encountered in redirections, and appear in automatically generated forms.", "edition": 4, "cvss3": {}, "published": "2009-11-06T15:30:00", "title": "CVE-2009-3300", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3300"], "modified": "2017-08-17T01:31:00", "cpe": ["cpe:/a:internet2:service_provider:1.3", "cpe:/a:internet2:identity_provider:2.1.1", "cpe:/a:internet2:identity_provider:2.1.0", "cpe:/a:internet2:identity_provider:1.3.2", "cpe:/a:internet2:identity_provider:2.1.2", "cpe:/a:internet2:identity_provider:2.1.3", "cpe:/a:internet2:service_provider:1.3.2", "cpe:/a:internet2:identity_provider:2.1.4", "cpe:/a:internet2:identity_provider:1.3", "cpe:/a:internet2:service_provider:2.2", "cpe:/a:internet2:service_provider:2.0", "cpe:/a:internet2:identity_provider:1.3.3", "cpe:/a:internet2:service_provider:1.3.1", "cpe:/a:internet2:service_provider:2.1", "cpe:/a:internet2:service_provider:1.3.3", "cpe:/a:internet2:identity_provider:1.3.1"], "id": "CVE-2009-3300", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3300", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:internet2:service_provider:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:internet2:identity_provider:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:internet2:identity_provider:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:internet2:identity_provider:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:internet2:service_provider:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:internet2:identity_provider:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:internet2:service_provider:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:internet2:identity_provider:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:internet2:identity_provider:2.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:internet2:service_provider:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:internet2:service_provider:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:internet2:identity_provider:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:internet2:identity_provider:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:internet2:service_provider:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:internet2:service_provider:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:internet2:identity_provider:1.3:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2018-04-06T11:37:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3300"], "description": "The remote host is missing an update to shibboleth-sp, shibboleth-sp2, opensaml2\nannounced via advisory DSA 1947-1.", "modified": "2018-04-06T00:00:00", "published": "2009-12-14T00:00:00", "id": "OPENVAS:136141256231066514", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066514", "type": "openvas", "title": "Debian Security Advisory DSA 1947-1 (shibboleth-sp, shibboleth-sp2, opensaml2)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1947_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1947-1 (shibboleth-sp, shibboleth-sp2, opensaml2)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Matt Elder discovered that Shibboleth, a federated web single sign-on\nsystem is vulnerable to script injection through redirection URLs. More\ndetails can be found in the Shibboleth advisory at\nhttp://shibboleth.internet2.edu/secadv/secadv_20091104.txt\n\nFor the old stable distribution (etch), this problem has been fixed in\nversion 1.3f.dfsg1-2+etch2 of shibboleth-sp.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.3.1.dfsg1-3+lenny2 of shibboleth-sp, version 2.0.dfsg1-4+lenny2\nof shibboleth-sp2 and version 2.0-2+lenny2 of opensaml2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.3+dfsg-1 of shibboleth-sp2, version 2.3-1 of opensaml2 and\nversion 1.3.1-1 of xmltooling.\n\nWe recommend that you upgrade your Shibboleth packages.\";\ntag_summary = \"The remote host is missing an update to shibboleth-sp, shibboleth-sp2, opensaml2\nannounced via advisory DSA 1947-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201947-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66514\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_cve_id(\"CVE-2009-3300\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 1947-1 (shibboleth-sp, shibboleth-sp2, opensaml2)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libshib-dev\", ver:\"1.3f.dfsg1-2+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libshib-target5\", ver:\"1.3f.dfsg1-2+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libshib6\", ver:\"1.3f.dfsg1-2+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-shib\", ver:\"1.3f.dfsg1-2+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsaml2-doc\", ver:\"2.0-2+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"opensaml2-schemas\", ver:\"2.0-2+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libshibsp-doc\", ver:\"2.0.dfsg1-4+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"shibboleth-sp2-schemas\", ver:\"2.0.dfsg1-4+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libshib-dev\", ver:\"1.3.1.dfsg1-3+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libshib6\", ver:\"1.3.1.dfsg1-3+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libshib-target5\", ver:\"1.3.1.dfsg1-3+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-shib\", ver:\"1.3.1.dfsg1-3+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-shib2\", ver:\"2.0.dfsg1-4+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libshibsp1\", ver:\"2.0.dfsg1-4+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libshibsp-dev\", ver:\"2.0.dfsg1-4+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsaml2-dev\", ver:\"2.0-2+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"opensaml2-tools\", ver:\"2.0-2+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsaml2\", ver:\"2.0-2+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:56:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3300"], "description": "The remote host is missing an update to shibboleth-sp, shibboleth-sp2, opensaml2\nannounced via advisory DSA 1947-1.", "modified": "2017-07-07T00:00:00", "published": "2009-12-14T00:00:00", "id": "OPENVAS:66514", "href": "http://plugins.openvas.org/nasl.php?oid=66514", "type": "openvas", "title": "Debian Security Advisory DSA 1947-1 (shibboleth-sp, shibboleth-sp2, opensaml2)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1947_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1947-1 (shibboleth-sp, shibboleth-sp2, opensaml2)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Matt Elder discovered that Shibboleth, a federated web single sign-on\nsystem is vulnerable to script injection through redirection URLs. More\ndetails can be found in the Shibboleth advisory at\nhttp://shibboleth.internet2.edu/secadv/secadv_20091104.txt\n\nFor the old stable distribution (etch), this problem has been fixed in\nversion 1.3f.dfsg1-2+etch2 of shibboleth-sp.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.3.1.dfsg1-3+lenny2 of shibboleth-sp, version 2.0.dfsg1-4+lenny2\nof shibboleth-sp2 and version 2.0-2+lenny2 of opensaml2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.3+dfsg-1 of shibboleth-sp2, version 2.3-1 of opensaml2 and\nversion 1.3.1-1 of xmltooling.\n\nWe recommend that you upgrade your Shibboleth packages.\";\ntag_summary = \"The remote host is missing an update to shibboleth-sp, shibboleth-sp2, opensaml2\nannounced via advisory DSA 1947-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201947-1\";\n\n\nif(description)\n{\n script_id(66514);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_cve_id(\"CVE-2009-3300\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 1947-1 (shibboleth-sp, shibboleth-sp2, opensaml2)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libshib-dev\", ver:\"1.3f.dfsg1-2+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libshib-target5\", ver:\"1.3f.dfsg1-2+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libshib6\", ver:\"1.3f.dfsg1-2+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-shib\", ver:\"1.3f.dfsg1-2+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsaml2-doc\", ver:\"2.0-2+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"opensaml2-schemas\", ver:\"2.0-2+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libshibsp-doc\", ver:\"2.0.dfsg1-4+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"shibboleth-sp2-schemas\", ver:\"2.0.dfsg1-4+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libshib-dev\", ver:\"1.3.1.dfsg1-3+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libshib6\", ver:\"1.3.1.dfsg1-3+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libshib-target5\", ver:\"1.3.1.dfsg1-3+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-shib\", ver:\"1.3.1.dfsg1-3+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-shib2\", ver:\"2.0.dfsg1-4+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libshibsp1\", ver:\"2.0.dfsg1-4+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libshibsp-dev\", ver:\"2.0.dfsg1-4+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsaml2-dev\", ver:\"2.0-2+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"opensaml2-tools\", ver:\"2.0-2+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsaml2\", ver:\"2.0-2+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-02T21:13:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3300"], "description": "The host has Shibboleth Service Provider installed and is prone to\n multiple Cross-Site Scripting vulnerabilities.", "modified": "2016-12-29T00:00:00", "published": "2009-11-13T00:00:00", "id": "OPENVAS:801148", "href": "http://plugins.openvas.org/nasl.php?oid=801148", "type": "openvas", "title": "Shibboleth Service Provider Multiple XSS Vulnerabilities (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_shibboleth_sp_mult_xss_vuln_win.nasl 4869 2016-12-29 11:01:45Z teissa $\n#\n# Shibboleth Service Provider Multiple XSS Vulnerabilities (Windows)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow remote attackers to inject arbitrary web\n script or HTML via URLs that are encountered in redirections, and appear in\n automatically generated forms.\n Impact Level: Application.\";\ntag_affected = \"Shibboleth Service Provider version 1.3.x before 1.3.5 and 2.x before 2.3\n on Windows.\";\ntag_insight = \"The flaws are due to an error within the sanitation of certain URLs.\n This can be exploited to insert arbitrary HTML and script code, which will\n be executed in a user's browser session in the context of an affected site\n when malicious data is viewed.\";\ntag_solution = \"Upgrade Shibboleth Service Provider version 1.3.5 or 2.3 or later.\n http://shibboleth.internet2.edu/downloads.html\";\ntag_summary = \"The host has Shibboleth Service Provider installed and is prone to\n multiple Cross-Site Scripting vulnerabilities.\";\n\nif(description)\n{\n script_id(801148);\n script_version(\"$Revision: 4869 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-29 12:01:45 +0100 (Thu, 29 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-13 15:48:12 +0100 (Fri, 13 Nov 2009)\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2009-3300\");\n script_name(\"Shibboleth Service Provider Multiple XSS Vulnerabilities (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/37237/\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/54140\");\n script_xref(name : \"URL\" , value : \"http://shibboleth.internet2.edu/secadv/secadv_20091104.txt\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_shibboleth_sp_detect_win.nasl\", \"http_version.nasl\");\n script_require_keys(\"Shibboleth/SP/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\nport = 1600;\nif(!get_port_state(port)){\n exit(0);\n}\n\nshibVer = get_kb_item(\"Shibboleth/SP/Win/Ver\");\nif(!shibVer){\n exit(0);\n}\n\n# Check for Shibboleth Service Provider version 1.3.x < 1.3.5 and 2.x < 2.3\nif(version_in_range(version:shibVer, test_version:\"1.3\", test_version2:\"1.3.4\")||\n version_in_range(version:shibVer, test_version:\"2.0\", test_version2:\"2.2\")){\n security_message(port);\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "debian": [{"lastseen": "2019-05-30T02:21:54", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3300"], "description": "Russ Allbery uploaded new packages for xmltooling, opensaml2,\nshibboleth-sp2, and shibboleth-sp which fixed the following security\nproblems:\n \nCVE-2009-3300\n\n The Shibboleth software includes code to perform arbitrary\n redirections and generates forms containing arbitrary destinations in\n certain cases. The URLs used were not properly checked for certain\n kinds of cross-site scripting (XSS) attacks and are vulnerable to\n script injection and some related vulnerabilities.\n\n See http://shibboleth.internet2.edu/secadv/secadv_20091104.txt\n\nThe fix for the lenny-backports distribution requires updating all of\nxmltooling, opensaml2, and shibboleth-sp2. The problems have been fixed\nin xmltooling 1.3.1-1~bpo50+1, opensaml2 2.3-1~bpo50+2, and shibboleth-sp2\n2.3+dfsg-1~bpo50+1.\n\nFor the unstable and testing distributions, the problems have been fixed\nin xmltooling 1.3.1-1, opensaml2 2.3-1, and shibboleth-sp2 2.3+dfsg-1.\n\nFor the stable (lenny) distribution, the problems have been fixed in\nopensaml2 2.0-2+lenny2 and shibboleth-sp2 2.0.dfsg1-4+lenny2. No update\nto xmltooling is required for the stable distribution.\n\nThe older Shibboleth 1.x implementation which shipped with lenny and etch\nis also affected. For the etch-backports distribution, the problems have\nbeen fixed in shibboleth-sp 1.3.1.dfsg1-3+lenny2~bpo40+1.\n\nFor the stable (lenny) distribution, the problems have been fixed in\nshibboleth-sp 1.3.1.dfsg1-3+lenny2.\n\nFor the oldstable (etch) distribution, the problems have been fixed in\n1.3f.dfsg1-2+etch2.\n \nUpgrade instructions\n--------------------\n\nIf you don't use pinning (see [1]) you have to update the package\nmanually via "apt-get -t lenny-backports install <packagelist>" with\nthe packagelist of your installed packages affected by this update.\n\nWe recommend to pin the backports repository to 200 so that new\nversions of installed backports will be installed automatically. \n\n Package: *\n Pin: release a=lenny-backports\n Pin-Priority: 200\n\n[1] <http://backports.org/dokuwiki/doku.php?id=instructions>\n\n-- \nRuss Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>\n", "edition": 2, "modified": "2009-12-08T03:08:05", "published": "2009-12-08T03:08:05", "id": "DEBIAN:A7F1AD21A846A633B2D939FC737D1788:D0D4D", "href": "https://lists.debian.org/debian-backports-announce/2009/debian-backports-announce-200912/msg00001.html", "title": "[Backports-security-announce] Security Update for Shibboleth\tpackages", "type": "debian", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-11-11T13:16:43", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3300"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1947-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nDecember 07, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : shibboleth-sp, shibboleth-sp2, opensaml2\nVulnerability : missing input sanitising\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2009-3300\n\nMatt Elder discovered that Shibboleth, a federated web single sign-on\nsystem is vulnerable to script injection through redirection URLs. More\ndetails can be found in the Shibboleth advisory at\nhttp://shibboleth.internet2.edu/secadv/secadv_20091104.txt \n\nFor the old stable distribution (etch), this problem has been fixed in\nversion 1.3f.dfsg1-2+etch2 of shibboleth-sp.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.3.1.dfsg1-3+lenny2 of shibboleth-sp, version 2.0.dfsg1-4+lenny2\nof shibboleth-sp2 and version 2.0-2+lenny2 of opensaml2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.3+dfsg-1 of shibboleth-sp2, version 2.3-1 of opensaml2 and\nversion 1.3.1-1 of xmltooling.\n\nWe recommend that you upgrade your Shibboleth packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3f.dfsg1-2+etch2.diff.gz\n Size/MD5 checksum: 35169 ce866f75fd4a3e360bcf1f40328a6775\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3f.dfsg1.orig.tar.gz\n Size/MD5 checksum: 731365 7aba8f84ff20013dea55a4a34306791a\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3f.dfsg1-2+etch2.dsc\n Size/MD5 checksum: 957 4b81922200999d83b4e6e300dc4105b2\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_alpha.deb\n Size/MD5 checksum: 599542 bc648aff189d0a1ab1cfaa8b552ca3c2\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_alpha.deb\n Size/MD5 checksum: 218758 84f33e347e9905f7a8ea10f7ccefef38\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_alpha.deb\n Size/MD5 checksum: 81606 ff24f6a6f67605f54970d80effacbbdb\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_alpha.deb\n Size/MD5 checksum: 4220522 696dd0f5e47dc671cc975becf0de468f\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_amd64.deb\n Size/MD5 checksum: 458596 74e93d23170bb31caebfe2ca129d07d0\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_amd64.deb\n Size/MD5 checksum: 78106 54e21b28a39741ed8e7174f1f461b36f\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_amd64.deb\n Size/MD5 checksum: 4016352 ed12fa9ff63849bbaebff10b69910042\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_amd64.deb\n Size/MD5 checksum: 201502 99f8013c58e15a4e7f631c2b6163df80\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_arm.deb\n Size/MD5 checksum: 463996 e9b59a2da0e48c3c28d5cc6496fb610a\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_arm.deb\n Size/MD5 checksum: 224674 443c6592e797a5f3029ddfc6e4d39b6e\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_arm.deb\n Size/MD5 checksum: 77274 eb8e738461d2ce57747d00c0372ccd0c\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_arm.deb\n Size/MD5 checksum: 3777924 c8fc18d5e616f85e3bf4be7e72660a6d\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_hppa.deb\n Size/MD5 checksum: 91240 6d3bf6784f6c37ac33bd5c187ffff78f\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_hppa.deb\n Size/MD5 checksum: 4681852 45a47043bead90d8c5b4d7d055f3481c\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_hppa.deb\n Size/MD5 checksum: 236856 9fcd23ec0055d336e830afbff9e0bfc4\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_hppa.deb\n Size/MD5 checksum: 523584 39dae9be500d372f40d79cd173208c83\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_i386.deb\n Size/MD5 checksum: 433480 4d36fe53ea41d60d8a9271a8283f982e\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_i386.deb\n Size/MD5 checksum: 76582 2e8ccdf193b826c7edea81d64928e306\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_i386.deb\n Size/MD5 checksum: 201376 43e1ccf246c06173bb0b726435f0d815\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_i386.deb\n Size/MD5 checksum: 3717328 706787e36afd27879765043b36e21b67\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_ia64.deb\n Size/MD5 checksum: 4282674 6cf33d6e7e648f927d7471c1e14faeda\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_ia64.deb\n Size/MD5 checksum: 261082 42ecc6cb79ccaeb51ed216460854a6ef\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_ia64.deb\n Size/MD5 checksum: 606936 ad107c7889b6d3656b09494956872099\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_ia64.deb\n Size/MD5 checksum: 93558 e42b24b08c6724e038885bbb740b7ca8\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_mipsel.deb\n Size/MD5 checksum: 188188 08e68a767cef9f6a17300355346ebb29\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_mipsel.deb\n Size/MD5 checksum: 3739418 16b2bbe8b61dcce84d0b59cd1deab413\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_mipsel.deb\n Size/MD5 checksum: 474312 0f630ad847bd524394fd8a2fb09a3bf6\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_mipsel.deb\n Size/MD5 checksum: 74468 fea5404f1e3c957dea0725a8dc592026\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_s390.deb\n Size/MD5 checksum: 4882170 69ef571c49fc850cc72c2ece4034cc26\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_s390.deb\n Size/MD5 checksum: 431890 0dca24c94492a6315d1fdbec36084135\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_s390.deb\n Size/MD5 checksum: 202306 8ca8e9ef70f686c74bb847872e4aec48\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_s390.deb\n Size/MD5 checksum: 78436 a282913025fea52ca355b0ccd3eaae59\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_sparc.deb\n Size/MD5 checksum: 4013874 821e9b9bc96fef947d18f6784d3b1854\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_sparc.deb\n Size/MD5 checksum: 78344 50dc4f9244ac311dca6bfbc81214c978\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_sparc.deb\n Size/MD5 checksum: 416304 13ca14493e80f0ff8e7f94ccdb660abf\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_sparc.deb\n Size/MD5 checksum: 209108 ecb31ca29a9d247d212a63df040d9a64\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2_2.0-2+lenny2.diff.gz\n Size/MD5 checksum: 7717 be1470ec19b079abbea465c586a6db9c\n http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2_2.0-2+lenny2.dsc\n Size/MD5 checksum: 1450 ae583eaffa9dc2ab9fc37f15bfbf9817\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3.1.dfsg1-3+lenny2.diff.gz\n Size/MD5 checksum: 34141 89b96ed5094e36c9da588f2fe0c815d9\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/shibboleth-sp2_2.0.dfsg1-4+lenny2.diff.gz\n Size/MD5 checksum: 17174 b9b0333f56c573d4a7f9bf608cbc4a89\n http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2_2.0.orig.tar.gz\n Size/MD5 checksum: 705058 85968f3c72cb789b11c9d01209e4d46b\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/shibboleth-sp2_2.0.dfsg1-4+lenny2.dsc\n Size/MD5 checksum: 1672 7cef2a57583d84e46a214475c4a25393\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3.1.dfsg1.orig.tar.gz\n Size/MD5 checksum: 761686 996ac4370cd8cb91528169c1e2c337b6\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3.1.dfsg1-3+lenny2.dsc\n Size/MD5 checksum: 1601 b7d6efd2896e7e3cee6463c14c23b122\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/shibboleth-sp2_2.0.dfsg1.orig.tar.gz\n Size/MD5 checksum: 726871 836fccbf614fc8edfc1fdbefcf0ba489\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-doc_2.0-2+lenny2_all.deb\n Size/MD5 checksum: 365940 551bf56b7ca0618a515b4cde3c9046c7\n http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-schemas_2.0-2+lenny2_all.deb\n Size/MD5 checksum: 25680 681338ca7d060ab79c9f26527902d8dc\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-doc_2.0.dfsg1-4+lenny2_all.deb\n Size/MD5 checksum: 258520 39b8bdad69f6bfa31730c459da5b575c\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/shibboleth-sp2-schemas_2.0.dfsg1-4+lenny2_all.deb\n Size/MD5 checksum: 15434 4f601fe9b3886b22316a141e01e707a6\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_alpha.deb\n Size/MD5 checksum: 575686 69d92528ea88a49b28931fc0fd3653f7\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_alpha.deb\n Size/MD5 checksum: 84258 4de37104dcc335289e01785cd85d4c85\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_alpha.deb\n Size/MD5 checksum: 218348 8f31cca573d9e3158458c7ec76a09e88\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_alpha.deb\n Size/MD5 checksum: 4126894 3eaf35288a38c8d14e4c72340661a594\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_alpha.deb\n Size/MD5 checksum: 241522 385e1e70d3b296c97bf34783c2cf173f\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_alpha.deb\n Size/MD5 checksum: 941354 123fbab68a88df7843839b0406345488\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_alpha.deb\n Size/MD5 checksum: 39842 d8c15efea7f3d01bd06b6197a8920235\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_amd64.deb\n Size/MD5 checksum: 228568 dc4196ddec55f46b1a8eac7185b88a48\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_amd64.deb\n Size/MD5 checksum: 81744 a55299c3b74a93da9a592dac059b01c9\n http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_amd64.deb\n Size/MD5 checksum: 44592 4b419a7302251bc7b4692d66bff18528\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_amd64.deb\n Size/MD5 checksum: 840692 1ff155d1f8cd16aa3a84aa8efb1193e9\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_amd64.deb\n Size/MD5 checksum: 201410 8edd3a696833973b204a6d71dcdab807\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_amd64.deb\n Size/MD5 checksum: 39838 ab0ae6d0efddc77e13f9bd4c5310c542\n http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_amd64.deb\n Size/MD5 checksum: 28440 9bb20149248ac6f087e4cc43646d1f8c\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_amd64.deb\n Size/MD5 checksum: 456000 b8ca326fcf83b65d8dca6e9784f53066\n http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_amd64.deb\n Size/MD5 checksum: 1192090 7803aa94b252c6ea8f0fbbb85c5daa2a\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_amd64.deb\n Size/MD5 checksum: 3836116 2a44bac39c2cb29039c56cbb95e5786a\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_arm.deb\n Size/MD5 checksum: 228470 71a7c3343665c48ede56d46a0c262221\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_arm.deb\n Size/MD5 checksum: 455568 ea8a41453fc01b7bdfa1c9071327333c\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_arm.deb\n Size/MD5 checksum: 77508 7117b5f842db50750bb549fce98b19f9\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_arm.deb\n Size/MD5 checksum: 3581714 51dd8fdf617457b087d06ca7a5736a94\n http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_arm.deb\n Size/MD5 checksum: 44828 c311aa275750cfd43afd388b153e8416\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_arm.deb\n Size/MD5 checksum: 214548 f3defb04bd5965851b36ac8d6cb3d151\n http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_arm.deb\n Size/MD5 checksum: 27214 d88ee290fdfd74f37e64f04805cfcc18\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_arm.deb\n Size/MD5 checksum: 40368 586a3581ca90e7e7ee0e88c146687e62\n http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_arm.deb\n Size/MD5 checksum: 1164554 1f88ecccc1c33e3faab2b3f7a4452dd7\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_arm.deb\n Size/MD5 checksum: 946436 ed86edf1c11e206e5d032bb5181ad50a\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_armel.deb\n Size/MD5 checksum: 205908 0e0678da76fed65ae488470dfe10a0c9\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_armel.deb\n Size/MD5 checksum: 476654 f6d54f691090bf50254dbd386c6d769c\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_armel.deb\n Size/MD5 checksum: 69910 ba99d299af96261c579e25e66908abab\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_armel.deb\n Size/MD5 checksum: 770344 b86196f10236b070b803cd4471f4c423\n http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_armel.deb\n Size/MD5 checksum: 45088 c339ef2f9f15e520e82a1d51bfd95aae\n http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_armel.deb\n Size/MD5 checksum: 24718 db0f484a05d4122d24f8545975c15326\n http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_armel.deb\n Size/MD5 checksum: 1036358 67b6c4e429c5e111b0ec13efb45d7882\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_armel.deb\n Size/MD5 checksum: 40430 f90d19f99a707de0b382b8e9e4b1e198\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_armel.deb\n Size/MD5 checksum: 3558576 c47ab3119943a9566da8ddc09ca660f1\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_armel.deb\n Size/MD5 checksum: 185672 3882aafaf772ec0efef1467d73423aee\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_hppa.deb\n Size/MD5 checksum: 44690 179fd0ce973904e527a4689d4277394f\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_hppa.deb\n Size/MD5 checksum: 1028004 fda64b9c3d563d0ca69ab75589df9537\n http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_hppa.deb\n Size/MD5 checksum: 1390048 f4c926a6071013c7036a80e26f28fa11\n http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_hppa.deb\n Size/MD5 checksum: 29416 8464d0da9c99a042352cb2d3283e7ea8\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_hppa.deb\n Size/MD5 checksum: 4490366 9f2d49bb26c07d0590a267a956d0ecd6\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_hppa.deb\n Size/MD5 checksum: 233514 553109e5fe95a921708fa43c2f390ae1\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_hppa.deb\n Size/MD5 checksum: 537212 1c245ff84054296d0ed17e927a306ee0\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_hppa.deb\n Size/MD5 checksum: 251682 24496f3bc7ab7f61814a11c926c5df9b\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_hppa.deb\n Size/MD5 checksum: 88700 8cb6c26058a0a110af40ceb8b5390467\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_hppa.deb\n Size/MD5 checksum: 40654 dd810fe55b07f82ceb95bf9ea836e3ea\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_i386.deb\n Size/MD5 checksum: 39896 92ee9791f3230e4ea0af774d21f94168\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_i386.deb\n Size/MD5 checksum: 830196 69baa4d5223c2de49c11efb1f5221a60\n http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_i386.deb\n Size/MD5 checksum: 1083380 5172f568a27adc2bed46aa20f676dff5\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_i386.deb\n Size/MD5 checksum: 3517742 7a113810a43f06c3d6a3c5dab6e07016\n http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_i386.deb\n Size/MD5 checksum: 44708 2ed6b07d9ef09967812b79e897034310\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_i386.deb\n Size/MD5 checksum: 199976 baa7d28e34b5fde83cc018b5a5d4c15a\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_i386.deb\n Size/MD5 checksum: 78690 03c98f8a8ab9c46c51211cf03477a596\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_i386.deb\n Size/MD5 checksum: 220864 e29f350428d1b68225d7c8ba7cd3a1ae\n http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_i386.deb\n Size/MD5 checksum: 27222 139eb0bb1b4509126eb0f314bd06b3c6\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_i386.deb\n Size/MD5 checksum: 424062 813d3d51730c919ce8cce2619e8cb7a4\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_ia64.deb\n Size/MD5 checksum: 1141736 e154e2940d769255c27812c88e6008ef\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_ia64.deb\n Size/MD5 checksum: 617516 446aab21fce2d72a0329aaacb13b0218\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_ia64.deb\n Size/MD5 checksum: 39822 c1d1672a1133ef3dc3e06bb35d44178a\n http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_ia64.deb\n Size/MD5 checksum: 44824 3860e662f447487c2d9bf8205456aece\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_ia64.deb\n Size/MD5 checksum: 257036 30475f72472985773c1865ac17bd3c89\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_ia64.deb\n Size/MD5 checksum: 4090302 8b6a05199dc1320125556dfc7926fae4\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_ia64.deb\n Size/MD5 checksum: 272332 83c9fa6e5604e602c3bc4f14a06eeae5\n http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_ia64.deb\n Size/MD5 checksum: 33502 4eed857b2d83a40e68d93e98ade6abc8\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_ia64.deb\n Size/MD5 checksum: 95656 89ebd5d71ad2b141d236d8c9b6a43903\n http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_ia64.deb\n Size/MD5 checksum: 1490970 713ad5906467e5b90cc4a3f53f0744f3\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_mips.deb\n Size/MD5 checksum: 44844 6b456d8c52239872cbd9f5542bff784b\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_mips.deb\n Size/MD5 checksum: 73664 f41bdb4eb005b8625dea2e409364ff87\n http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_mips.deb\n Size/MD5 checksum: 1193866 808245a31a56eabf2c0e5709b8fd2428\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_mips.deb\n Size/MD5 checksum: 470078 540998727df1f5c9428313f758cf884a\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_mips.deb\n Size/MD5 checksum: 39848 87bd4c93eb79695af218c0808a09e35a\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_mips.deb\n Size/MD5 checksum: 215272 4860e20d43c86f2735a31f44670618ec\n http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_mips.deb\n Size/MD5 checksum: 26668 62fb10d72d7ed01330fccf10286bbe6a\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_mips.deb\n Size/MD5 checksum: 184228 4e33ed1450dc3e80bebe4ba6e77a838b\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_mips.deb\n Size/MD5 checksum: 777292 e1e41bc61eccd7ecaea9584d38bf58e6\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_mips.deb\n Size/MD5 checksum: 3850956 d5f8bcc45254c4ef6d92d080556291b5\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_mipsel.deb\n Size/MD5 checksum: 182718 51b45846a45e5e82cc9e19c945a90ea5\n http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_mipsel.deb\n Size/MD5 checksum: 26546 86462ca5f14e03a354f66d78a2d2cd26\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_mipsel.deb\n Size/MD5 checksum: 213836 5ea221d730e499c8d119fadae2a10cf4\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_mipsel.deb\n Size/MD5 checksum: 767516 609ed9d94b80fc8de162755940085083\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_mipsel.deb\n Size/MD5 checksum: 39856 260898221c2f3d98aa4d2feea9dd8c79\n http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_mipsel.deb\n Size/MD5 checksum: 44834 4888af4ae1674af7cb9f3ad0bc8ed08d\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_mipsel.deb\n Size/MD5 checksum: 3558410 71a2d6eeaf4f098991037d9591960959\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_mipsel.deb\n Size/MD5 checksum: 465932 0b83d1e7850c8db7bbe6ba6910f277ec\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_mipsel.deb\n Size/MD5 checksum: 72646 d9d3544bf7737fd39c05fa581d7a0d09\n http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_mipsel.deb\n Size/MD5 checksum: 1090376 cd526c5cebb53ccce2328f082daa74c7\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_powerpc.deb\n Size/MD5 checksum: 204176 7cb6fb9fb3236cc8511d651c775d073e\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_powerpc.deb\n Size/MD5 checksum: 460872 1447cb90c1f474fd61cc9983cfa556d3\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_powerpc.deb\n Size/MD5 checksum: 87052 d313378dd667914afa23fe31b6c05ee3\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_powerpc.deb\n Size/MD5 checksum: 4448862 2f5163953f563c2f019c1dbc9bab43dc\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_s390.deb\n Size/MD5 checksum: 1233568 235630e792f502b5c37faae115045df9\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_s390.deb\n Size/MD5 checksum: 428186 103147901d6a2cfaeff2035ff2c28288\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_s390.deb\n Size/MD5 checksum: 197704 27ec7c3bd31a449d20da04226b6e468c\n http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_s390.deb\n Size/MD5 checksum: 44804 cd801280cf417fae3e179ef4fe3a66e1\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_s390.deb\n Size/MD5 checksum: 848578 de7ce789ecb6c16795b931402f0b1660\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_s390.deb\n Size/MD5 checksum: 4723822 97ac517c81a1d4dab7935a2be919cca7\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_s390.deb\n Size/MD5 checksum: 80696 92acd50da0e8385d15aae03ffc1a0d02\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_s390.deb\n Size/MD5 checksum: 229200 2441d31d47eabc618d623d32d7e13b5d\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_s390.deb\n Size/MD5 checksum: 39816 1cc5bd0bd313ca10b6da5724c48731c4\n http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_s390.deb\n Size/MD5 checksum: 28226 f4847e4e43da82482df59db35202f2d2\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_sparc.deb\n Size/MD5 checksum: 3816108 f57bba921d5e899118e7fe8f5bb23f65\n http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_sparc.deb\n Size/MD5 checksum: 27342 3c40d8e2de20d5dcc598bd710af5656b\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_sparc.deb\n Size/MD5 checksum: 40232 c2d60a1f8c2b5796274c15e4ca5a10ed\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_sparc.deb\n Size/MD5 checksum: 79978 ad93d7013e82d2a3c00989bd52fb5439\n http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_sparc.deb\n Size/MD5 checksum: 44848 8c6c3a8de0ab991d34114ee39bf2f3db\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_sparc.deb\n Size/MD5 checksum: 206984 57e6d5d73e1d1e7751471c0759fa5977\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_sparc.deb\n Size/MD5 checksum: 218028 7424acce24e5c5c0017d04030e176377\n http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_sparc.deb\n Size/MD5 checksum: 1344914 a1fab1a73f632b64a8cd65d253716481\n http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_sparc.deb\n Size/MD5 checksum: 1009372 037974812670103391815dd83fa3e0fa\n http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_sparc.deb\n Size/MD5 checksum: 408546 720bec76be68d6ed4300c38c125745e1\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 9, "modified": "2009-12-07T22:59:47", "published": "2009-12-07T22:59:47", "id": "DEBIAN:DSA-1947-1:859D4", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00270.html", "title": "[SECURITY] [DSA 1947-1] New Shibboleth packages fix cross-site scripting", "type": "debian", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2021-01-06T09:45:47", "description": "Matt Elder discovered that Shibboleth, a federated web single sign-on\nsystem is vulnerable to script injection through redirection URLs.\nMore details can be found in the Shibboleth advisory at\nhttp://shibboleth.internet2.edu/secadv/secadv_20091104.txt.", "edition": 27, "published": "2010-02-24T00:00:00", "title": "Debian DSA-1947-1 : shibboleth-sp, shibboleth-sp2, opensaml2 - missing input sanitising", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3300"], "modified": "2010-02-24T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:shibboleth-sp2", "cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:opensaml2", "cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:shibboleth-sp"], "id": "DEBIAN_DSA-1947.NASL", "href": "https://www.tenable.com/plugins/nessus/44812", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1947. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44812);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-3300\");\n script_xref(name:\"DSA\", value:\"1947\");\n\n script_name(english:\"Debian DSA-1947-1 : shibboleth-sp, shibboleth-sp2, opensaml2 - missing input sanitising\");\n script_summary(english:\"Checks dpkg output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Matt Elder discovered that Shibboleth, a federated web single sign-on\nsystem is vulnerable to script injection through redirection URLs.\nMore details can be found in the Shibboleth advisory at\nhttp://shibboleth.internet2.edu/secadv/secadv_20091104.txt.\"\n );\n # http://shibboleth.internet2.edu/secadv/secadv_20091104.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.internet2.edu/products-services/trust-identity/shibboleth/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1947\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the Shibboleth packages.\n\nFor the old stable distribution (etch), this problem has been fixed in\nversion 1.3f.dfsg1-2+etch2 of shibboleth-sp.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.3.1.dfsg1-3+lenny2 of shibboleth-sp, version\n2.0.dfsg1-4+lenny2 of shibboleth-sp2 and version 2.0-2+lenny2 of\nopensaml2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:opensaml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:shibboleth-sp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:shibboleth-sp2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"libapache2-mod-shib\", reference:\"1.3f.dfsg1-2+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libshib-dev\", reference:\"1.3f.dfsg1-2+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libshib-target5\", reference:\"1.3f.dfsg1-2+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libshib6\", reference:\"1.3f.dfsg1-2+etch2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libapache2-mod-shib\", reference:\"1.3.1.dfsg1-3+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libapache2-mod-shib2\", reference:\"2.0.dfsg1-4+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libsaml2\", reference:\"2.0-2+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libsaml2-dev\", reference:\"2.0-2+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libsaml2-doc\", reference:\"2.0-2+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libshib-dev\", reference:\"1.3.1.dfsg1-3+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libshib-target5\", reference:\"1.3.1.dfsg1-3+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libshib6\", reference:\"1.3.1.dfsg1-3+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libshibsp-dev\", reference:\"2.0.dfsg1-4+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libshibsp-doc\", reference:\"2.0.dfsg1-4+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libshibsp1\", reference:\"2.0.dfsg1-4+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"opensaml2-schemas\", reference:\"2.0-2+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"opensaml2-tools\", reference:\"2.0-2+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"shibboleth-sp2-schemas\", reference:\"2.0.dfsg1-4+lenny2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}]}