7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.007 Low
EPSS
Percentile
80.1%
Several vulnerabilities have been discovered in the xmltooling packages, as used by Shibboleth :
Chris Ries discovered that decoding a crafted URL leads to a crash (and potentially, arbitrary code execution).
Ian Young discovered that embedded NUL characters in certificate names were not correctly handled, exposing configurations using PKIX trust validation to impersonation attacks.
Incorrect processing of SAML metadata ignores key usage constraints. This minor issue also needs a correction in the opensaml2 packages, which will be provided in an upcoming stable point release (and, before that, via stable-proposed-updates).
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-1895. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(44760);
script_version("1.11");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id("CVE-2009-3474", "CVE-2009-3475");
script_bugtraq_id(36514, 36516);
script_xref(name:"DSA", value:"1895");
script_name(english:"Debian DSA-1895-1 : xmltooling - several vulnerabilities");
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
script_set_attribute(
attribute:"description",
value:
"Several vulnerabilities have been discovered in the xmltooling
packages, as used by Shibboleth :
- Chris Ries discovered that decoding a crafted URL leads
to a crash (and potentially, arbitrary code execution).
- Ian Young discovered that embedded NUL characters in
certificate names were not correctly handled, exposing
configurations using PKIX trust validation to
impersonation attacks.
- Incorrect processing of SAML metadata ignores key usage
constraints. This minor issue also needs a correction in
the opensaml2 packages, which will be provided in an
upcoming stable point release (and, before that, via
stable-proposed-updates)."
);
script_set_attribute(
attribute:"see_also",
value:"https://www.debian.org/security/2009/dsa-1895"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade the xmltooling packages.
For the stable distribution (lenny), these problems have been fixed in
version 1.0-2+lenny1."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(310);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xmltooling");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
script_set_attribute(attribute:"patch_publication_date", value:"2009/09/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/24");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"5.0", prefix:"libxmltooling-dev", reference:"1.0-2+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"libxmltooling-doc", reference:"1.0-2+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"libxmltooling1", reference:"1.0-2+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"xmltooling-schemas", reference:"1.0-2+lenny1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Vendor | Product | Version | CPE |
---|---|---|---|
debian | debian_linux | xmltooling | p-cpe:/a:debian:debian_linux:xmltooling |
debian | debian_linux | 5.0 | cpe:/o:debian:debian_linux:5.0 |