12 matches found
CVE-2019-19191
Shibboleth Service Provider SP 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user the shibd account after installation. This allows the user to escalate to root by pointing symlinks to files such as /etc/shadow...
SUSE CVE-2019-19191
Shibboleth Service Provider SP 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user the shibd account after installation. This allows the user to escalate to root by pointing symlinks to files such as /etc/shadow...
SUSE: Security Advisory (SUSE-SU-2019:3386-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2020:0115-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES12 Security Update : shibboleth-sp (SUSE-SU-2020:0115-1)
This update for shibboleth-sp fixes the following issues : Security issue fixed : CVE-2019-19191: Fixed escalation to root by fixing ownership of log files bsc1157471. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenabl...
SUSE-SU-2020:0115-1 Security update for shibboleth-sp
This update for shibboleth-sp fixes the following issues: Security issue fixed: - CVE-2019-19191: Fixed escalation to root by fixing ownership of log files bsc1157471...
openSUSE: Security Advisory for shibboleth-sp (openSUSE-SU-2020:0020-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for shibboleth-sp (moderate)
openSUSE Security Update: Security update for shibboleth-sp Announcement ID: openSUSE-SU-2020:0020-1 Rating: moderate References: 1157471 Cross-References: CVE-2019-19191 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for...
SUSE-SU-2019:3386-1 Security update for shibboleth-sp
This update for shibboleth-sp fixes the following issues: Security issue fixed: - CVE-2019-19191: Fixed escalation to root by fixing ownership of log files bsc1157471...
CVE-2019-19191
Shibboleth Service Provider SP 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user the shibd account after installation. This allows the user to escalate to root by pointing symlinks to files such as /etc/shadow...
CVE-2019-19191
Shibboleth Service Provider SP 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user the shibd account after installation. This allows the user to escalate to root by pointing symlinks to files such as /etc/shadow...
CVE-2019-19191
CVE-2019-19191 affects Shibboleth Service Provider (SP) 3.x before 3.1.0. The vulnerability arises from a spec file that calls chown on files in a directory owned by the shibd service user, enabling local escalation to root via symlinks (e.g., /etc/shadow). Affected advisories indicate the fix is...