Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
 home presentation resources documentation contact  
subscriber area subscriber area
free access free access
Vigil@nce describes vulnerabilities impacting your systems, and offers solutions to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability
vulnerability note CVE-2009-2508 CVE-2009-2509
Windows: two vulnerabilities of ADFS

Synthesis of the vulnerability
An authenticated attacker can use two vulnerabilities of ADFS, in order to spoof the identity of a user, or to execute code.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user account.
Means of attack: no proof of concept, no attack.
Ability of attacker: expert (4/4).
Confidence: confirmed by the editor (5/5).
Diffusion of the vulnerable configuration: high (3/3).
Number of vulnerabilities in this bulletin: 2.
Creation date: 09/12/2009.

Impacted products

Description of the vulnerability
The ADFS (Active Directory Federation Services) feature manages the SSO (Single Sign-On) authentication of users who access to several web services. ADFS can be enabled on the IIS web server, and is reachable with a web client implementing WS-* (SOAP, WSDL and UUDI). ADFS is impacted by two vulnerabilities.

An attacker, who gains access to the cache of victim's web browser, can read and then reuse ADFS data during 10 hours, even if the victim logged off the web site. The attacker can therefore access to a web service, under the identity of the victim. [severity:2/4; BID-37215, CVE-2009-2508, >]

A remote authenticated attacker can use an HTTP-ADFS query with a malicious header, in order to execute code on IIS. [severity:3/4; BID-37214, CVE-2009-2509, >]

Characteristics
Title: Windows: two vulnerabilities of ADFS
Identifiers: 971726, BID-37214, BID-37215, CVE-2009-2508, CVE-2009-2509, MS09-070, VIGILANCE-VUL-9244.
Url: https://vigilance.fr/tree/1/9244

Information sources
Publications and announces
Source example: MS09-070 - Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726)

Solutions for this vulnerability
Patch or workaround

Supplements

Vulnerability : Single Sign On Spoofing in ADFS Vulnerability - CVE-2009-2508
An attacker, who gains access to the cache of victim's web browser, can read and then reuse ADFS data during 10 hours, even if the victim logged off the web site. The attacker can therefore access to a web service, under the identity of the victim.
Severity: 2/4.
Identifiers: BID-37215, CVE-2009-2508.

Vulnerability : Remote Code Execution in ADFS Vulnerability - CVE-2009-2509
A remote authenticated attacker can use an HTTP-ADFS query with a malicious header, in order to execute code on IIS.
Severity: 3/4.
Identifiers: BID-37214, CVE-2009-2509.



















France Télécom Copyright 1999-2010 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française