CVE-2023-22947

Name: CVE-2023-22947
Description: Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt (rather than C:\Program Files) by default. NOTE: the vendor disputes the significance of this report, stating that "We consider the ACLs a best effort thing" and "it was a documentation mistake."
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package        Release                                   Version                 Status
shibboleth-sp (PTS)   buster (security), buster, buster (lts)   3.0.4+dfsg1-1+deb10u2   fixed
                      bullseye                                  3.2.2+dfsg1-1           fixed
                      bookworm                                  3.4.1+dfsg-2            fixed
                      sid, trixie                               3.4.1+dfsg-2.1          fixed

The information below is based on the following data on fixed versions.

Package         Type     Release      Fixed Version    Urgency   Origin   Debian Bugs
shibboleth-sp   source   (unstable)   (not affected)

Notes

- shibboleth-sp <not-affected> (Windows-specific)
