Ubuntu update for mod_auth_mellon



Published: 2019-03-28
Risk Medium
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2019-3877
CVE-2019-3878
CWE-ID CWE-601
CWE-287
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
libapache2-mod-auth-mellon (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Open redirect

EUVDB-ID: #VU18090

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-3877

CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Exploit availability: No

Description

The vulnerability allows a remote attacker to redirect victims to arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data in the apr_uri_parse() function within the logout URL. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.

Mitigation

Update the affected packages.

Ubuntu 18.10
libapache2-mod-auth-mellon - 0.14.0-1ubuntu0.1
Ubuntu 18.04 LTS
libapache2-mod-auth-mellon - 0.13.1-1ubuntu0.1

Vulnerable software versions

libapache2-mod-auth-mellon (Ubuntu package): 0.0.1-1 - 0.14.1-1

External links

http://usn.ubuntu.com/3924-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Authentication

EUVDB-ID: #VU18091

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-3878

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error when processing certain headers. A remote attacker can add special HTTP headers that are normally used to start the special SAML ECP, bypass authentication process and gain unauthorized access to the application.

Successful exploitation of the vulnerability requires that Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users.

Mitigation

Update the affected packages.

Ubuntu 18.10
libapache2-mod-auth-mellon - 0.14.0-1ubuntu0.1
Ubuntu 18.04 LTS
libapache2-mod-auth-mellon - 0.13.1-1ubuntu0.1

Vulnerable software versions

libapache2-mod-auth-mellon (Ubuntu package): 0.0.1-1 - 0.14.1-1

External links

http://usn.ubuntu.com/3924-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###