1392829 – (CVE-2016-8638) CVE-2016-8638 ipsilon: DoS via logging out all open SAML2 sessions

Bug 1392829 (CVE-2016-8638) - CVE-2016-8638 ipsilon: DoS via logging out all open SAML2 sessions

Summary: CVE-2016-8638 ipsilon: DoS via logging out all open SAML2 sessions

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2016-8638
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1526610 (view as bug list)
Depends On:	1394116 1394117 1396973
Blocks:	1392831
TreeView+	depends on / blocked

Reported:	2016-11-08 10:34 UTC by Adam Mariš
Modified:	2021-02-17 03:04 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A vulnerability was found in ipsilon in the SAML2 provider's handling of sessions. An attacker able to hit the logout URL could determine what service providers other users are logged in to and terminate their sessions.
Clone Of:
Environment:
Last Closed:	2016-11-21 13:36:27 UTC

Attachments	(Terms of Use)
Upstream patch (8.61 KB, patch) 2016-11-08 12:34 UTC, Adam Mariš	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2016:2809	0	normal	SHIPPED_LIVE	Important: ipsilon security update	2016-11-21 16:22:07 UTC

Description Adam Mariš 2016-11-08 10:34:27 UTC

Description
===========

A vulnerability in ipsilon was found that allows attacker to log out active
sessions of other users. This issue is related to how it tracks sessions, and
allows an unauthenticated attacker to view and terminate active sessions from
other users.


Affected versions
=================

All versions of Ipsilon 2.0 before 2.0.2 are vulnerable.
All versions of Ipsilon 1.2 before 1.2.1 are vulnerable.
All versions of Ipsilon 1.1 before 1.1.2 are vulnerable.
All versions of Ipsilon 1.0 before 1.0.3 are vulnerable.

Reference
=========
https://ipsilon-project.org/advisory/CVE-2016-8638.txt

Upstream patch
==============
https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c

Comment 1 Adam Mariš 2016-11-08 10:34:33 UTC

Acknowledgments:

Name: Patrick Uiterwijk (Red Hat), Howard Johnson

Comment 2 Adam Mariš 2016-11-08 12:34:55 UTC

Created attachment 1218514 [details]
Upstream patch

Comment 8 Cedric Buissart 2016-11-21 10:09:19 UTC

Created ipsilon tracking bugs for this issue:

Affects: fedora-all [bug 1396973]

Comment 9 errata-xmlrpc 2016-11-21 11:22:32 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:2809 https://rhn.redhat.com/errata/RHSA-2016-2809.html

Comment 10 Pedro Sampaio 2017-12-18 13:21:04 UTC

*** Bug 1526610 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.