RedHat Update for ipsilon RHSA-2016:2809-01

Published: 22 Nov 2016 00:00:00. Reported by: Copyright (C) 2016 Greenbone AG. Type: openvas. Source: plugins.openvas.org

RedHat Update for ipsilon RHSA-2016:2809-01. Vulnerability in the SAML2 provider's session handling (CVE-2016-8638).

ReporterTitlePublishedViews
Family
Cvelist
CVE-2016-8638
12 Jul 201713:00
cvelist
NVD
CVE-2016-8638
12 Jul 201713:29
nvd
NVD
CVE-2017-16855
16 Nov 201718:29
nvd
Fedora
[SECURITY] Fedora 25 Update: ipsilon-2.0.2-2.fc25
28 Dec 201620:21
fedora
Fedora
[SECURITY] Fedora 24 Update: ipsilon-2.0.2-2.fc24
28 Dec 201621:49
fedora
Tenable Nessus
Fedora 25 : ipsilon (2016-2d8fb6d7ad)
29 Dec 201600:00
nessus
Tenable Nessus
Fedora 24 : ipsilon (2016-b465090499)
29 Dec 201600:00
nessus
Tenable Nessus
Oracle Linux 7 : ipsilon (ELSA-2016-2809)
22 Nov 201600:00
nessus
Tenable Nessus
CentOS 7 : ipsilon (CESA-2016:2809)
28 Nov 201600:00
nessus
Tenable Nessus
EulerOS 2.0 SP2 : ipsilon (EulerOS-SA-2018-1013)
19 Jan 201800:00
nessus
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

# Description phase: when the scanner loads this script with `description`
# set, only the metadata below is registered; the exit(0) at the end of the
# block returns before any package comparison is made.
if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.871720");
  script_version("2024-03-21T05:06:54+0000");
  script_tag(name:"last_modification", value:"2024-03-21 05:06:54 +0000 (Thu, 21 Mar 2024)");
  script_tag(name:"creation_date", value:"2016-11-22 05:36:49 +0100 (Tue, 22 Nov 2016)");
  script_cve_id("CVE-2016-8638");
  # Severity: CVSS v2 base score and vector, plus a CVSS v3.0 vector. The
  # severity_origin tag attributes the rating to NVD, not to the vendor.
  script_tag(name:"cvss_base", value:"6.4");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:P");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2018-01-05 02:31:00 +0000 (Fri, 05 Jan 2018)");
  # qod_type "package": the finding rests on installed RPM versions, not on
  # exercising the SAML2 logout handling itself. A flagged host has the old
  # package installed; whether Ipsilon is actually reachable is not tested.
  script_tag(name:"qod_type", value:"package");
  script_name("RedHat Update for ipsilon RHSA-2016:2809-01");
  script_tag(name:"summary", value:"The remote host is missing an update for the 'ipsilon'
  package(s) announced via the referenced advisory.");
  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
  # Advisory text: the flaw lets anyone who can reach the logout URL learn
  # which service providers other users are logged in to and end their sessions.
  script_tag(name:"insight", value:"The ipsilon packages provide the Ipsilon
identity provider service for federated single sign-on (SSO). Ipsilon links
authentication providers and applications or utilities to allow for SSO. It includes
a server and utilities to configure Apache-based service providers.

Security Fix(es):

  * A vulnerability was found in ipsilon in the SAML2 provider's handling of
sessions. An attacker able to hit the logout URL could determine what
service providers other users are logged in to and terminate their
sessions. (CVE-2016-8638)

This issue was discovered by Patrick Uiterwijk (Red Hat) and Howard
Johnson.");
  script_tag(name:"affected", value:"ipsilon on Red Hat Enterprise Linux Server (v. 7)");
  script_tag(name:"solution", value:"Please Install the Updated Packages.");

  script_xref(name:"RHSA", value:"2016:2809-01");
  script_xref(name:"URL", value:"https://www.redhat.com/archives/rhsa-announce/2016-November/msg00078.html");
  script_tag(name:"solution_type", value:"VendorFix");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2016 Greenbone AG");
  script_family("Red Hat Local Security Checks");
  # The check depends on gather-package-list.nasl and is gated on the
  # ssh/login/* knowledge-base keys listed below with a release of RHENT_7.
  # Presumably those keys are only present after an authenticated SSH login
  # has collected the RPM list; without them this check does not run.
  # Confirm against the dependency script.
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms", re:"ssh/login/release=RHENT_7");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

# Resolve the release identifier recorded for the target; without one there
# is nothing to compare against, so the script ends quietly.
release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";

if(release == "RHENT_7")
{
  # Every ipsilon sub-package named in the advisory is compared against the
  # same version-release, passed to isrpmvuln() as "name~version~release".
  ipsilon_fixed_vr = "~1.0.0~13.el7_3";
  ipsilon_pkgs = make_list("ipsilon",
                           "ipsilon-authform",
                           "ipsilon-authgssapi",
                           "ipsilon-authldap",
                           "ipsilon-base",
                           "ipsilon-client",
                           "ipsilon-filesystem",
                           "ipsilon-infosssd",
                           "ipsilon-persona",
                           "ipsilon-saml2",
                           "ipsilon-saml2-base",
                           "ipsilon-tools-ipa");

  foreach ipsilon_pkg (ipsilon_pkgs)
  {
    res = isrpmvuln(pkg:ipsilon_pkg, rpm:ipsilon_pkg + ipsilon_fixed_vr, rls:"RHENT_7");
    if(res != NULL)
    {
      # Only the first non-NULL result is reported before the script exits.
      # Other ipsilon sub-packages may be outdated as well, so remediation
      # should update the whole package set rather than the one named here.
      security_message(data:res);
      exit(0);
    }
  }

  # __pkg_match is not assigned in this file; presumably pkg-lib-rpm.inc sets
  # it when a listed package was found installed. exit(99) then records
  # "checked, not affected", while exit(0) ends the run without that verdict.
  if(__pkg_match)
    exit(99);
  exit(0);
}

22 Nov 2016 00:00 Current
9.3 High risk
Vulners AI Score 9.3
CVSS2 6.4
CVSS3 9.1
EPSS 0.008