Bug 1392829 (CVE-2016-8638) - CVE-2016-8638 ipsilon: DoS via logging out all open SAML2 sessions
Summary: CVE-2016-8638 ipsilon: DoS via logging out all open SAML2 sessions
Alias: CVE-2016-8638
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
: 1526610 (view as bug list)
Depends On: 1394116 1394117 1396973
Blocks: 1392831
TreeView+ depends on / blocked
Reported: 2016-11-08 10:34 UTC by Adam Mariš
Modified: 2021-02-17 03:04 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in ipsilon in the SAML2 provider's handling of sessions. An attacker able to hit the logout URL could determine what service providers other users are logged in to and terminate their sessions.
Clone Of:
Last Closed: 2016-11-21 13:36:27 UTC

Attachments (Terms of Use)
Upstream patch (8.61 KB, patch)
2016-11-08 12:34 UTC, Adam Mariš
no flags Details | Diff

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2809 0 normal SHIPPED_LIVE Important: ipsilon security update 2016-11-21 16:22:07 UTC

Description Adam Mariš 2016-11-08 10:34:27 UTC

A vulnerability in ipsilon was found that allows attacker to log out active
sessions of other users. This issue is related to how it tracks sessions, and
allows an unauthenticated attacker to view and terminate active sessions from
other users.

Affected versions

All versions of Ipsilon 2.0 before 2.0.2 are vulnerable.
All versions of Ipsilon 1.2 before 1.2.1 are vulnerable.
All versions of Ipsilon 1.1 before 1.1.2 are vulnerable.
All versions of Ipsilon 1.0 before 1.0.3 are vulnerable.


Upstream patch

Comment 1 Adam Mariš 2016-11-08 10:34:33 UTC

Name: Patrick Uiterwijk (Red Hat), Howard Johnson

Comment 2 Adam Mariš 2016-11-08 12:34:55 UTC
Created attachment 1218514 [details]
Upstream patch

Comment 8 Cedric Buissart 2016-11-21 10:09:19 UTC
Created ipsilon tracking bugs for this issue:

Affects: fedora-all [bug 1396973]

Comment 9 errata-xmlrpc 2016-11-21 11:22:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:2809 https://rhn.redhat.com/errata/RHSA-2016-2809.html

Comment 10 Pedro Sampaio 2017-12-18 13:21:04 UTC
*** Bug 1526610 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.