PT-2009-5769 · Internet2 · Xmltooling+2

Publicado

2009-09-29

Atualizado

2017-08-17

CVE-2009-3476

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions OpenSAML versions prior to 1.1.3 Internet2 Shibboleth Service Provider software versions 1.3.x prior to 1.3.4 XMLTooling versions prior to 1.2.2 Internet2 Shibboleth Service Provider software versions 2.x prior to 2.2.1

Description A buffer overflow issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.

Recommendations For OpenSAML versions prior to 1.1.3, update to version 1.1.3 or later. For Internet2 Shibboleth Service Provider software versions 1.3.x prior to 1.3.4, update to version 1.3.4 or later. For XMLTooling versions prior to 1.2.2, update to version 1.2.2 or later. For Internet2 Shibboleth Service Provider software versions 2.x prior to 2.2.1, update to version 2.2.1 or later.

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

CVE-2009-3476

DSA-1895-1

DSA-1895-2

DSA-1896-1

Produtos afetados

Opensaml

Shibboleth Service Provider

Xmltooling

PT-2009-5769 · Internet2 · Xmltooling+2

CVE-2009-3476

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9