Ubuntu 16.04 LTS : PySAML2 vulnerability (USN-5066-2)

medium Nessus Plugin ID 153361

Language:

Synopsis

The remote Ubuntu host is missing a security update.

Description

The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5066-2 advisory.

 - PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does not ensure that a signed SAML document is correctly signed. The default CryptoBackendXmlSec1 backend is using the xmlsec1 binary to verify the signature of signed SAML documents, but by default xmlsec1 accepts any type of key found within the given document. xmlsec1 needs to be configured explicitly to only use only
 _x509 certificates_ for the verification process of the SAML document signature. This is fixed in PySAML2 6.5.0. (CVE-2021-21239)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected python-pysaml2 and / or python3-pysaml2 packages.

See Also

https://ubuntu.com/security/notices/USN-5066-2

Plugin Details

Severity: Medium

ID: 153361

File Name: ubuntu_USN-5066-2.nasl

Version: 1.3

Type: local

Agent: unix

Published: 9/14/2021

Updated: 1/17/2023

Supported Sensors: Frictionless Assessment Azure, Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Nessus Agent

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS Score Source: CVE-2021-21239

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:canonical:ubuntu_linux:16.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:python-pysaml2, p-cpe:/a:canonical:ubuntu_linux:python3-pysaml2

Required KB Items: Host/Debian/dpkg-l, Host/Ubuntu, Host/cpu, Host/Ubuntu/release

Exploit Ease: No known exploits are available

Patch Publication Date: 9/8/2021

Vulnerability Publication Date: 1/21/2021

Reference Information

CVE: CVE-2021-21239

USN: 5066-2