IT 计算机信息网络安全技术

IT 技术
计算机安全
网络网站安全
白帽子漏洞

© IT 计算机信息网络安全技术 | Powered by LOFTER

CVE-2014-7294 NYU OpenSSO Integration 2.1 Dest Privilege Escalation Web Security Vulnerability


Exploit Title: NYU OpenSSO Integration Logon Page url Parameter Open Redirect

Product: OpenSSO Integration

Vendor: NYU

Vulnerable Versions: 2.1 and probability prior

Tested Version: 2.1

Advisory Publication: December 14, 2014

Latest Update: January 05, 2015

Vulnerability Type: Open Redirect [CWE-601]

CVE Reference: CVE-2014-7294

mpact CVSS Severity (version 2.0):

CVSS v2 Base Score: 6.4 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:P/A:N) (legend)

Impact Subscore: 4.9

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification

Discover and Writer: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)





Suggestion Details:

(1) Vendor & Product Description:



Vendor:

NYU



Product & Vulnerable Versions:

OpenSSO Integration

2.1



Vendor URL & Download:

OpenSSO Integration can be obtrained from here,

http://www.exlibrisgroup.org/display/CrossProductCC/PDS+OpenSSO+Integration


Product Description:

"NYU has integrated PDS with Sun's OpenSSO Identity Management application. The PDS/OpenSSO integration uses PDS as the NYU Libraries' single sign-on system and leverages NYU's OpenSSO system to provide seamless interaction between library applications and university services. The integration merges patron information from OpenSSO (e.g. name, email, e-resources access) with patron information from Aleph (e.g. borrower status and type) to ensure access to the multitude of library services."


"The NYU Libraries operate in a consortial environment in which not all users are in OpenSSO and not all OpenSSO users are in Aleph. PDS is hosted in an active/passive capacity on our Primo front-end servers. Due to the nature of PDS and Aleph, patrons are required to have an Aleph account in order to login to the library's SSO environment. The exception to this rule is EZProxy."

"Author: Scot Dalton

Additional author(s):

Institution: New York University

Year: 2009

License: BSD style

Short description: Use, modification and distribution of the code are permitted provided the copyright notice, list of conditions and disclaimer appear in all related material.

Link to terms: [Detailed license terms]"




(2) Vulnerability Details:

NYU Opensso Integration web application has a computer security bug problem. It can be exploited by Unvalidated Redirects and Forwards (URL Redirection) attacks. This could allow a user to create a specially crafted URL, that if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are useful as the crafted URL initially appear to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client side software such as a web browser or document rendering programs.

Other similar products 0day vulnerabilities have been found by some other bug hunter researchers before. NYU has patched some of them. Web Security Watch is an aggregator of security reports coming from various sources. It aims to provide a single point of tracking for all publicly disclosed security issues that matter. "Its unique tagging system enables you to see a relevant set of tags associated with each security alert for a quick overview of the affected products. What's more, you can now subscribe to an RSS feed containing the specific tags that you are interested in - you will then only receive alerts related to those tags." It has published suggestions, advisories, solutions details related to website vulnerabilities.


(2.1) The vulnerability occurs at "PDS" service's logon page, with "&url" parameter.





References:
http://tetraph.com/security/cves/cve-2014-7294-ex-libris-patron-directory
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7294
http://seclists.org/fulldisclosure/2014/Dec/127
http://tetraph.blogspot.com/2015/02/cve-2014-7294-nyu-opensso-integration.html
http://diebiyi.com/articles/security/open-redirect/cve-2014-7294
https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01506.html
http://lists.openwall.net/full-disclosure/2014/12/29/5
https://itswift.wordpress.com/2015/02/12/cve-2014-7294-nyu-opensso
https://vulnerabilitypost.wordpress.com/2015/02/10/cve-2014-7294
http://mathstopic.blogspot.com/2015/05/cve-2014-7294-nyu-opensso-integration.html
http://whitehatview.tumblr.com/post/110720300046/cve-2014-7294-nyu-opensso-integration
http://itsecurity.lofter.com/post/1cfbf9e7_5c6681c
http://www.inzeed.com/kaleidoscope/computer-security/cve-2014-7294
http://computerobsess.blogspot.com/2015/02/cve-2014-7294-nyu-opensso-integration.html

来源:日常生活點滴的記錄

评论
热度 ( 23 )
  1. 白帽子安全琐事,日常之事 转载了此图片  到 测试想法
  2. 白帽子安全行者路上有風有雨有彩虹 转载了此图片  到 竹意
  3. 白帽子安全行者路上有風有雨有彩虹 转载了此图片  到 湛天雲海碧波影
  4. 白帽子安全行者路上有風有雨有彩虹 转载了此图片  到 文豆 & 文库
  5. 白帽子安全行者路上有風有雨有彩虹 转载了此图片
  6. 计算机网络技术點滴的記錄 转载了此图片  到 行者路上有風有雨有彩虹
  7. 计算机网络技术點滴的記錄 转载了此图片  到 绿意蛙鸣
  8. 计算机网络技术點滴的記錄 转载了此图片  到 IT 计算机&信息网络 技术
  9. 计算机网络技术點滴的記錄 转载了此图片