Bug 754386 (CVE-2011-4314) - CVE-2011-4314 openid4java (AX extension): MITM due to improper validation of AX attribute signatures
Summary: CVE-2011-4314 openid4java (AX extension): MITM due to improper validation of AX attribute signatures
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2011-4314
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 754387 787092 787530 808950
Reported: 2011-11-16 10:50 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:48 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-04-25 02:35:17 UTC
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:1798 0 normal SHIPPED_LIVE Low: JBoss Enterprise Application Platform 5.1.2 update 2011-12-09 00:15:15 UTC
Red Hat Product Errata RHSA-2011:1799 0 normal SHIPPED_LIVE Low: JBoss Enterprise Application Platform 5.1.2 update 2011-12-09 00:35:33 UTC
Red Hat Product Errata RHSA-2011:1800 0 normal SHIPPED_LIVE Low: JBoss Enterprise Application Platform 5.1.2 update 2011-12-09 00:45:54 UTC
Red Hat Product Errata RHSA-2011:1802 0 normal SHIPPED_LIVE Low: JBoss Enterprise Web Platform 5.1.2 update 2011-12-09 00:56:26 UTC
Red Hat Product Errata RHSA-2011:1803 0 normal SHIPPED_LIVE Low: JBoss Enterprise Web Platform 5.1.2 update 2011-12-09 00:56:10 UTC
Red Hat Product Errata RHSA-2011:1804 0 normal SHIPPED_LIVE Low: JBoss Enterprise Web Platform 5.1.2 update 2011-12-09 01:07:21 UTC
Red Hat Product Errata RHSA-2011:1805 0 normal SHIPPED_LIVE Low: JBoss Enterprise Application Platform 5.1.2 update 2011-12-09 01:07:16 UTC
Red Hat Product Errata RHSA-2011:1806 0 normal SHIPPED_LIVE Low: JBoss Enterprise Web Platform 5.1.2 update 2011-12-09 01:07:08 UTC
Red Hat Product Errata RHSA-2012:0378 0 normal SHIPPED_LIVE Low: JBoss Enterprise SOA Platform 5.2.0 update 2012-03-12 20:57:05 UTC
Red Hat Product Errata RHSA-2012:0441 0 normal SHIPPED_LIVE Moderate: JBoss Enterprise BRMS Platform 5.2.0 update 2012-04-02 23:30:04 UTC
Red Hat Product Errata RHSA-2012:0519 0 normal SHIPPED_LIVE Moderate: JBoss Enterprise Portal Platform 5.2.1 update 2012-04-25 06:10:00 UTC

Description Jan Lieskovsky 2011-11-16 10:50:44 UTC
A security flaw was found in the way the Attribute Exchange (AX) extension of OpenID4Java, a Java library implementing and supporting various OpenID specifications, performed validation of attribute values passed to a Java application. It was not checking to ensure that the information provided through AX was signed. If AX was being used to receive information that the application only trusts the identity provider to assert, a remote attacker could use this flaw to conduct man-in-the-middle (MITM) attacks and compromise the integrity of this information via a specially-crafted request.

References:
[1] http://openid.net/2011/05/05/attribute-exchange-security-alert/
[2] http://secunia.com/advisories/44496/
[3] http://code.google.com/p/openid4java/source/browse/trunk/CHANGELOG?spec=svn662&r=662

Relevant upstream patch:
[4] http://code.google.com/p/openid4java/source/detail?r=661
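The description above says the flaw was trusting AX attribute values without checking that they were covered by the assertion's signature. As an added illustration of the relying-party-side check (not openid4java's code, and not the upstream patch linked as [4]), the following Python walks an OpenID 2.0 positive assertion, finds the alias bound to the AX namespace, and refuses to hand back any attribute whose parameters are not listed in openid.signed. The sample assertions, the endpoint URLs and the signature value are constructed placeholders; verifying the signature itself (with the association key, or via check_authentication at the OP) is assumed to have happened before this check runs.

```python
# Added example (not openid4java code): a relying-party check that every
# Attribute Exchange (AX) parameter in an OpenID 2.0 positive assertion is
# covered by openid.signed before its value is trusted. Signature verification
# itself is assumed to have been done already and is out of scope here.
from urllib.parse import parse_qsl

AX_NS = "http://openid.net/srv/ax/1.0"  # AX 1.0 namespace URI

# Constructed sample: id_res response whose AX fields all appear in openid.signed.
# Endpoints, identifiers and the signature are placeholders, not real values.
SIGNED_ASSERTION = (
    "openid.ns=http://specs.openid.net/auth/2.0"
    "&openid.mode=id_res"
    "&openid.op_endpoint=https://op.example.org/endpoint"
    "&openid.claimed_id=https://op.example.org/alice"
    "&openid.identity=https://op.example.org/alice"
    "&openid.return_to=https://rp.example.com/return"
    "&openid.response_nonce=2011-11-16T10:50:44Zabc123"
    "&openid.assoc_handle=HANDLE-1"
    "&openid.ns.ax=http://openid.net/srv/ax/1.0"
    "&openid.ax.mode=fetch_response"
    "&openid.ax.type.email=http://axschema.org/contact/email"
    "&openid.ax.value.email=alice@example.org"
    "&openid.signed=op_endpoint,claimed_id,identity,return_to,response_nonce,"
    "assoc_handle,ns.ax,ax.mode,ax.type.email,ax.value.email"
    "&openid.sig=PLACEHOLDERSIG"
)

# Constructed sample of the risky case: the OP signed only the core fields, so
# the AX parameters sit outside the signature and a value modified in transit
# is indistinguishable from a genuine one. A vulnerable RP would accept it.
UNSIGNED_AX_ASSERTION = SIGNED_ASSERTION.replace(
    "alice@example.org", "someone-else@example.net"
).replace(",ns.ax,ax.mode,ax.type.email,ax.value.email", "")


def parse_assertion(query: str) -> dict:
    """Parse the indirect-response query string into a flat parameter dict."""
    return dict(parse_qsl(query, keep_blank_values=True))


def signed_fields(params: dict) -> set:
    """Fields covered by the signature; names omit the 'openid.' prefix."""
    return {f for f in params.get("openid.signed", "").split(",") if f}


def ax_aliases(params: dict) -> list:
    """Extension aliases bound to the AX 1.0 namespace (usually just 'ax')."""
    return [k[len("openid.ns."):] for k, v in params.items()
            if k.startswith("openid.ns.") and v == AX_NS]


class UnsignedAttributeError(ValueError):
    """Raised when an AX parameter is present but not covered by openid.signed."""


def fetch_signed_ax_attributes(params: dict) -> dict:
    """Return {type_uri: [values]} from the AX fetch_response, refusing the
    whole response if any AX parameter or the namespace declaration is unsigned."""
    signed = signed_fields(params)
    attributes = {}
    for alias in ax_aliases(params):
        if f"ns.{alias}" not in signed:
            raise UnsignedAttributeError(f"openid.ns.{alias} is not signed")
        prefix = f"openid.{alias}."
        types, values = {}, {}
        for key, value in params.items():
            if not key.startswith(prefix):
                continue
            if key[len("openid."):] not in signed:
                raise UnsignedAttributeError(f"AX parameter {key} is not signed")
            sub = key[len(prefix):]
            if sub.startswith("type."):
                types[sub[len("type."):]] = value
            elif sub.startswith("value."):
                # 'value.email' (single) or 'value.email.1' (multi-valued)
                name = sub[len("value."):].split(".", 1)[0]
                values.setdefault(name, []).append(value)
        for name, type_uri in types.items():
            attributes[type_uri] = values.get(name, [])
    return attributes


def is_ax_fully_signed(params: dict) -> bool:
    """Convenience predicate: True only if every AX parameter is signed."""
    try:
        fetch_signed_ax_attributes(params)
        return True
    except UnsignedAttributeError:
        return False


if __name__ == "__main__":
    print(fetch_signed_ax_attributes(parse_assertion(SIGNED_ASSERTION)))
    print(is_ax_fully_signed(parse_assertion(UNSIGNED_AX_ASSERTION)))
```

The check is deliberately all-or-nothing per extension: the namespace binding, the mode and every type/value pair must be in the signed list, because an attacker who can alter one unsigned parameter can alter any of them. Only attributes that survive this check should be treated as assertions by the identity provider rather than as untrusted client input.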

Comment 1 Jan Lieskovsky 2011-11-16 10:58:33 UTC
CVE request:
[5] http://www.openwall.com/lists/oss-security/2011/11/16/1

Comment 3 errata-xmlrpc 2011-12-08 19:16:38 UTC
This issue has been addressed in the following products:

  JBEAP 5 for RHEL 6

Via RHSA-2011:1798 https://rhn.redhat.com/errata/RHSA-2011-1798.html

Comment 4 errata-xmlrpc 2011-12-08 19:36:56 UTC
This issue has been addressed in the following products:

  JBEAP 5 for RHEL 5

Via RHSA-2011:1799 https://rhn.redhat.com/errata/RHSA-2011-1799.html

Comment 5 errata-xmlrpc 2011-12-08 19:47:32 UTC
This issue has been addressed in the following products:

  JBEAP 5 for RHEL 4

Via RHSA-2011:1800 https://rhn.redhat.com/errata/RHSA-2011-1800.html

Comment 6 errata-xmlrpc 2011-12-08 19:57:52 UTC
This issue has been addressed in the following products:

  JBEWP 5 for RHEL 5

Via RHSA-2011:1803 https://rhn.redhat.com/errata/RHSA-2011-1803.html

Comment 7 errata-xmlrpc 2011-12-08 19:57:58 UTC
This issue has been addressed in the following products:

  JBEWP 5 for RHEL 6

Via RHSA-2011:1802 https://rhn.redhat.com/errata/RHSA-2011-1802.html

Comment 8 errata-xmlrpc 2011-12-08 20:08:44 UTC
This issue has been addressed in the following products:

  JBoss Enterprise Web Platform 5.1.2

Via RHSA-2011:1806 https://rhn.redhat.com/errata/RHSA-2011-1806.html

Comment 9 errata-xmlrpc 2011-12-08 20:08:51 UTC
This issue has been addressed in the following products:

  JBoss Enterprise Application Platform 5.1.2

Via RHSA-2011:1805 https://rhn.redhat.com/errata/RHSA-2011-1805.html

Comment 10 errata-xmlrpc 2011-12-08 20:08:56 UTC
This issue has been addressed in the following products:

  JBEWP 5 for RHEL 4

Via RHSA-2011:1804 https://rhn.redhat.com/errata/RHSA-2011-1804.html

Comment 11 errata-xmlrpc 2012-03-12 16:59:33 UTC
This issue has been addressed in the following products:

  JBoss Enterprise SOA Platform 5.2.0

Via RHSA-2012:0378 https://rhn.redhat.com/errata/RHSA-2012-0378.html

Comment 12 errata-xmlrpc 2012-04-02 19:31:05 UTC
This issue has been addressed in the following products:

  JBoss Enterprise BRMS Platform 5.2.0

Via RHSA-2012:0441 https://rhn.redhat.com/errata/RHSA-2012-0441.html

Comment 13 errata-xmlrpc 2012-04-25 02:11:54 UTC
This issue has been addressed in the following products:

  JBoss Enterprise Portal Platform 5.2.1

Via RHSA-2012:0519 https://rhn.redhat.com/errata/RHSA-2012-0519.html

