Bug 1410481 (CVE-2017-2582)
| Field | Value | Field | Value |
|---|---|---|---|
| Summary | CVE-2017-2582 picketlink, keycloak: SAML request parser replaces special strings with system properties | | |
| Product | [Other] Security Response | Reporter | Adam Mariš <amaris> |
| Component | vulnerability | Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA | QA Contact | |
| Severity | medium | Docs Contact | |
| Priority | medium | | |
| Version | unspecified | CC | aileenc, alazarot, anstephe, asoldano, avibelli, bbaranow, bdawidow, bmaxwell, brian.stansberry, cdewolf, chazlett, csutherl, dandread, darran.lofthouse, dffrench, dimitris, dosoudil, drieden, drusso, etirelli, fnasser, gsterlin, hmlnarik, ibek, iweiss, jason.greene, java-sig-commits, jawilson, jbalunas, jclere, jcoleman, jmadigan, jondruse, jpallich, jperkins, jshepherd, kpiwko, krathod, kverlaen, kwills, lef, lgao, lgriffin, loleary, mbaluch, msochure, msvehla, mweiler, mwinkler, myarboro, ngough, nwallace, pbraun, pdrozd, pmackay, ppalaga, pslavice, psotirop, puntogil, pwright, rguimara, rnetuka, rrajasek, rstancel, rsvoboda, rsynek, rzhang, sdaley, security-response-team, smaestri, sthorger, theute, tkirby, tom.jenkinson, trepel, ttarrant, twalsh, vtunka |
| Target Milestone | --- | Keywords | Security |
| Target Release | --- | | |
| Hardware | All | | |
| OS | Linux | | |
| Whiteboard | | | |
| Fixed In Version | | Doc Type | If docs needed, set a value |
| Doc Text | It was found that, while parsing SAML messages, the StaxParserUtil class of PicketLink replaces special strings in attribute values with the values of system properties. This could allow an attacker to determine the values of system properties on the attacked system by setting the SAML request ID field to the chosen system property, whose value is then returned in the "InResponseTo" field of the response. | | |
| Story Points | --- | | |
| Clone Of | | Environment | |
| Last Closed | 2021-10-21 11:48:37 UTC | Type | --- |
| Regression | --- | Mount Type | --- |
| Documentation | --- | CRM | |
| Verified Versions | | Category | --- |
| oVirt Team | --- | RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- | Target Upstream Version | |
| Embargoed | | | |
| Bug Depends On | 1414137, 1414138, 1710644 | | |
| Bug Blocks | 1410492, 1493931, 1510311 | | |
Description

Adam Mariš, 2017-01-05 15:31:11 UTC

Upstream patch: https://github.com/keycloak/keycloak/pull/3715/commits/0cb5ba0f6e83162d221681f47b470c3042eef237

Acknowledgments: Name: Hynek Mlnarik (Red Hat)

JON-3 is not affected by this issue because it's not supported as a SSO Identity Provider.

This issue has been addressed in the following products:

- Red Hat JBoss Enterprise Application Platform 7.0.8, Via RHSA-2017:2810 https://access.redhat.com/errata/RHSA-2017:2810
- Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7, Via RHSA-2017:2808 https://access.redhat.com/errata/RHSA-2017:2808
- Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6, Via RHSA-2017:2809 https://access.redhat.com/errata/RHSA-2017:2809
- Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 and Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6, Via RHSA-2017:2811 https://access.redhat.com/errata/RHSA-2017:2811
- Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7, Via RHSA-2017:3218 https://access.redhat.com/errata/RHSA-2017:3218
- Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6, Via RHSA-2017:3217 https://access.redhat.com/errata/RHSA-2017:3217
- Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5, Via RHSA-2017:3216 https://access.redhat.com/errata/RHSA-2017:3216
- Red Hat JBoss Enterprise Application Platform, Via RHSA-2017:3220 https://access.redhat.com/errata/RHSA-2017:3220
- Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6, Via RHSA-2017:3219 https://access.redhat.com/errata/RHSA-2017:3219

RHMAP services, UPS and Millicore don't use SAML features of embedded Keycloak.

This issue has been addressed in the following products:

- Red Hat JBoss Enterprise Application Platform, Via RHSA-2018:2740 https://access.redhat.com/errata/RHSA-2018:2740
- Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7, Via RHSA-2018:2741 https://access.redhat.com/errata/RHSA-2018:2741
- Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5, Via RHSA-2018:2742 https://access.redhat.com/errata/RHSA-2018:2742
- Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6, Via RHSA-2018:2743 https://access.redhat.com/errata/RHSA-2018:2743
- Red Hat JBoss Enterprise Application Platform, Via RHSA-2019:0139 https://access.redhat.com/errata/RHSA-2019:0139
- Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7, Via RHSA-2019:0137 https://access.redhat.com/errata/RHSA-2019:0137
- Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6, Via RHSA-2019:0136 https://access.redhat.com/errata/RHSA-2019:0136

This vulnerability is out of security support scope for the following product:

- Red Hat Enterprise Application Platform 6

Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.

Created picketlink tracking bugs for this issue:

Affects: fedora-all [bug 1710644]
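An added illustration of the parser behaviour described in the Doc Text (example code written for this page, not PicketLink's or Keycloak's own): a StAX reader for the request ID with the vulnerable system-property expansion beside the hardened verbatim form, and a self-check that a placeholder-looking ID survives parsing unchanged, which is what an identity provider's InResponseTo must reflect after the fix. The `${name}` placeholder syntax and the `expandSystemProperties`/`readRequestId` helpers are assumptions; the report does not spell out the special-string format.

```java
import java.io.StringReader;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

public class SamlIdExpansionCheck {
    // Assumed placeholder syntax (${name}); the report does not spell it out.
    private static final Pattern PLACEHOLDER = Pattern.compile("\\$\\{([^}]+)\\}");
    // Vulnerable post-processing as the report describes it: placeholders in an
    // attribute value are replaced with the matching system property.
    static String expandSystemProperties(String raw) {
        Matcher m = PLACEHOLDER.matcher(raw);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String value = System.getProperty(m.group(1), m.group(0));
            m.appendReplacement(out, Matcher.quoteReplacement(value));
        }
        m.appendTail(out);
        return out.toString();
    }
    // Read the ID attribute of the root element with StAX; the hardened form
    // (expand == false) returns the attribute text verbatim.
    static String readRequestId(String xml, boolean expand) throws XMLStreamException {
        XMLInputFactory factory = XMLInputFactory.newInstance();
        factory.setProperty(XMLInputFactory.SUPPORT_DTD, false); // no DTD/entity processing
        XMLStreamReader r = factory.createXMLStreamReader(new StringReader(xml));
        while (r.hasNext()) {
            if (r.next() == XMLStreamConstants.START_ELEMENT) {
                String id = r.getAttributeValue(null, "ID");
                return expand ? expandSystemProperties(id) : id;
            }
        }
        return null;
    }
    public static void main(String[] args) throws XMLStreamException {
        // Constructed minimal request whose ID looks like a placeholder.
        String request = "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""
                + " ID=\"${java.version}\" Version=\"2.0\"/>";
        System.out.println("vulnerable parser would echo: " + readRequestId(request, true));
        String hardened = readRequestId(request, false);
        // An IdP is fixed only if InResponseTo carries the literal ID back.
        if (!"${java.version}".equals(hardened)) {
            throw new AssertionError("placeholder must be preserved verbatim");
        }
    }
}
```

Run against a deployment's own parser, the same check (feed an ID containing the placeholder syntax, compare it with the InResponseTo that comes back) distinguishes a patched identity provider from one still expanding properties.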