Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2011-2516
Last Modified 31 Oct 2012 12:00:00
Published 11 Jul 2011 04:55:01
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-2516

Summary

Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.

Vulnerable Systems

Application

  • Apache Xml Security For C++ 1.6.0

  • Shibboleth-sp 1.3.1

  • Shibboleth-sp 1.3.2

  • Shibboleth-sp 1.3.3

  • Shibboleth-sp 1.3.4

  • Shibboleth-sp 1.3.5

  • Shibboleth-sp 1.3f

  • Shibboleth-sp 2.0

  • Shibboleth-sp 2.1

  • Shibboleth-sp 2.2

  • Shibboleth-sp 2.2.1

  • Shibboleth-sp 2.3

  • Shibboleth-sp 2.3.1

  • Shibboleth-sp 2.4

  • Shibboleth-sp 2.4.1

  • Shibboleth-sp 2.4.2


References

CONFIRM - https://issues.apache.org/jira/browse/SANTUARIO-271

XF - apache-xml-dos(68420)

SECTRACK - 1025755

BID - 48611

BUGTRAQ - 20110707 Security Advisory: CVE-2011-2516

DEBIAN - DSA-2277

CONFIRM - http://shibboleth.internet2.edu/secadv/secadv_20110706.txt

SECUNIA - 45491

SECUNIA - 45198

SECUNIA - 45191

SECUNIA - 45151

CONFIRM - http://santuario.apache.org/secadv/CVE-2011-2516.txt

FEDORA - FEDORA-2011-9494

FEDORA - FEDORA-2011-9501


Last Updated: 27 May 2016 10:49:48