FreeBSD Bugzilla – Attachment 225495 Details for
Bug 256374
inform users via security/vuxml about the recent sogo vulnerability
[patch]
vuxml entry
sogo.patch (text/plain), 1.50 KB, created by rob2g2 on 2021-06-02 11:58:05 UTC
>*** vuln.xml.orig Wed Jun 2 13:42:32 2021 >--- vuln.xml Wed Jun 2 13:48:50 2021 >*************** >*** 78 **** >--- 79,119 ---- >+ <vuln vid="69815a1d-c31d-11eb-9633-b42e99a1b9c3"> >+ <topic>SOGo -- SAML user authentication impersonation</topic> >+ <affects> >+ <package> >+ <name>sogo</name> >+ <range><lt>5.1.1</lt></range> >+ </package> >+ <package> >+ <name>sogo-activesync</name> >+ <range><lt>5.1.1</lt></range> >+ </package> >+ <package> >+ <name>sogo2</name> >+ <range><lt>2.4.1</lt></range> >+ </package> >+ <package> >+ <name>sogo2-activesync</name> >+ <range><lt>2.4.1</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>sogo.nu reports:</p> >+ <blockquote cite="https://www.sogo.nu/news/2021/saml-vulnerability.html"> >+ <p>SOGo was not validating the signatures of any SAML assertions it received.</p> >+ <p>This means any actor with network access to the deployment could impersonate</p> >+ <p>users when SAML was the authentication method.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2021-33054</cvename> >+ <url>https://www.sogo.nu/news/2021/saml-vulnerability.html</url> >+ <url>https://blogs.akamai.com/2021/06/sogo-and-packetfence-impacted-by-saml-implementation-vulnerabilities.html</url> >+ </references> >+ <dates> >+ <discovery>2021-06-01</discovery> >+ <entry>2021-06-02</entry> >+ </dates> >+ </vuln> >+
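Review bot: In the <blockquote>, the second sentence of the quoted advisory is split across two <p> elements ("...could impersonate</p>" followed by "<p>users when SAML was the authentication method.</p>"), so it renders as two paragraphs that break mid-sentence. Merge them into a single <p> and wrap the line inside the element if line length is the concern. The <lt>5.1.1</lt> and <lt>2.4.1</lt> bounds for the sogo and sogo2 package pairs are worth confirming against the cited sogo.nu advisory before commit, since the quoted text itself names no fixed versions.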