Debian update for simplesamlphp

Published: 2019-11-07 | Updated: 2019-11-07
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
CVE ID: CVE-2019-3465
CWE ID: CWE-617
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: simplesamlphp (Debian package)
Vendor: Debian

Security Advisory

This security advisory describes one medium risk vulnerability.

1) Reachable Assertion

Severity: Medium

CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-3465

CWE-ID: CWE-617 - Reachable Assertion

Description

The vulnerability allows a remote attacker to bypass authentication.

The vulnerability exists due to an assertion failure when processing signatures, related to the XPath expression "./secdsig:SignedInfo/secdsig:Reference". A remote attacker with the ability to retrieve IdP can impersonate any user in the application.

Successful exploitation of the vulnerability may allow an attacker to gain access to sensitive information or compromise the affected application.

Mitigation

Update the affected package to version 1.14.11-1+deb9u2 or 1.16.3-1+deb10u1.

Vulnerable software versions

simplesamlphp (Debian package): 1.5.0~rc1-1, 1.5.1-1, 1.5.1~rc1-1, 1.6.0-1, 1.6.0~rc1-1, 1.6.1-1, 1.6.2-1, 1.6.3-1, 1.6.3-1+uvt1, 1.6.3-2, 1.6.3-3, 1.7.0-1, 1.7.0-2, 1.7.0~rc1-1, 1.8.0-1, 1.8.1-1, 1.8.2-1, 1.9.0-1, 1.9.0~rc1-1, 1.9.0~rc2-1, 1.9.1-1, 1.9.2-1, 1.9.2-1+deb7u1, 1.9.2-1+deb7u2, 1.9.2-1+deb7u3, 1.9.2-1+deb7u4, 1.10.0-1, 1.11.0-1, 1.11.0~rc1-1, 1.12.0-1, 1.12.0~rc1-1, 1.12.0~rc2-1, 1.13.0-1, 1.13.1-1, 1.13.1-2, 1.13.1-2+deb8u1, 1.13.1-2+deb8u2, 1.13.2-1, 1.14.0-1, 1.14.1-1, 1.14.2-1, 1.14.2-2, 1.14.3-1, 1.14.4-1, 1.14.5-1, 1.14.6-1, 1.14.7-1, 1.14.8-1, 1.14.9-1, 1.14.10-1, 1.14.11-1, 1.14.11-1+deb9u1, 1.14.15-1, 1.15.0-1, 1.15.1-1, 1.15.2-1, 1.15.3-1, 1.15.4-1, 1.16.0-1, 1.16.1-1, 1.16.2-1, 1.16.3-1, 1.17.0-1, 1.17.1-1, 1.17.2-1, 1.17.2-2, 1.17.3-1, 1.17.4-1, 1.17.5-1, 1.17.6-1

External links

https://www.debian.org/security/2019/dsa-4560

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.