The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of OpenSAML-C

vulnerability bulletin CVE-2017-16853

OpenSAML-C: privilege escalation via DynamicMetadataProvider

Synthesis of the vulnerability

An attacker can bypass restrictions via DynamicMetadataProvider of OpenSAML-C, in order to escalate his privileges.
Impacted products: Debian, OpenSAML-C, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: document.
Creation date: 17/11/2017.
Identifiers: CVE-2017-16853, DLA-1178-1, DSA-4039-1, openSUSE-SU-2017:3241-1, SUSE-SU-2017:3234-1, VIGILANCE-VUL-24483.

Description of the vulnerability

An attacker can bypass restrictions via DynamicMetadataProvider of OpenSAML-C, in order to escalate his privileges.

computer vulnerability announcement CVE-2015-0851

OpenSAML C++, Shibboleth Service Provider: denial of service via XML

Synthesis of the vulnerability

An attacker can send malicious XML data to OpenSAML C++ or Shibboleth Service Provider, in order to trigger a denial of service.
Impacted products: Debian, OpenSAML-C, Shibboleth SP, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 21/07/2015.
Identifiers: CVE-2015-0851, CVE-2015-2684-ERROR, DSA-3321-1, DSA-3321-2, VIGILANCE-VUL-17457.

Description of the vulnerability

The OpenSAML C++ library analyzes data in XML format using XMLTooling-C.

However, XML data that is well-formed but schema-invalid generates a fatal error in OpenSAML C++.

An attacker can therefore send malicious XML data to OpenSAML C++ or Shibboleth Service Provider, in order to trigger a denial of service.