Bug 1392829 (CVE-2016-8638) - CVE-2016-8638 ipsilon: DoS via logging out all open SAML2 sessions
Summary: CVE-2016-8638 ipsilon: DoS via logging out all open SAML2 sessions
Status: CLOSED ERRATA
Alias: CVE-2016-8638
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=important,public=20161121,repo...
Keywords: Security
: 1526610 (view as bug list)
Depends On: 1394116 1394117 1396973
Blocks: 1392831
TreeView+ depends on / blocked
 
Reported: 2016-11-08 10:34 UTC by Adam Mariš
Modified: 2019-06-08 21:34 UTC (History)
7 users (show)

(edit)
A vulnerability was found in ipsilon in the SAML2 provider's handling of sessions. An attacker able to hit the logout URL could determine what service providers other users are logged in to and terminate their sessions.
Clone Of:
(edit)
Last Closed: 2016-11-21 13:36:27 UTC


Attachments (Terms of Use)
Upstream patch (8.61 KB, patch)
2016-11-08 12:34 UTC, Adam Mariš
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2809 normal SHIPPED_LIVE Important: ipsilon security update 2016-11-21 16:22:07 UTC

Description Adam Mariš 2016-11-08 10:34:27 UTC
Description
===========

A vulnerability in ipsilon was found that allows attacker to log out active
sessions of other users. This issue is related to how it tracks sessions, and
allows an unauthenticated attacker to view and terminate active sessions from
other users.


Affected versions
=================

All versions of Ipsilon 2.0 before 2.0.2 are vulnerable.
All versions of Ipsilon 1.2 before 1.2.1 are vulnerable.
All versions of Ipsilon 1.1 before 1.1.2 are vulnerable.
All versions of Ipsilon 1.0 before 1.0.3 are vulnerable.

Reference
=========
https://ipsilon-project.org/advisory/CVE-2016-8638.txt

Upstream patch
==============
https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c

Comment 1 Adam Mariš 2016-11-08 10:34:33 UTC
Acknowledgments:

Name: Patrick Uiterwijk (Red Hat), Howard Johnson

Comment 2 Adam Mariš 2016-11-08 12:34 UTC
Created attachment 1218514 [details]
Upstream patch

Comment 8 Cedric Buissart 🐶 2016-11-21 10:09:19 UTC
Created ipsilon tracking bugs for this issue:

Affects: fedora-all [bug 1396973]

Comment 9 errata-xmlrpc 2016-11-21 11:22:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:2809 https://rhn.redhat.com/errata/RHSA-2016-2809.html

Comment 10 Pedro Sampaio 2017-12-18 13:21:04 UTC
*** Bug 1526610 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.