Risk | High |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2024-45409 |
CWE-ID | CWE-347 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software | Debian Linux (Operating systems & Components / Operating system); ruby-saml (Debian package) (Operating systems & Components / Operating system package or component) |
Vendor | Debian |
Security Bulletin
This security bulletin contains one high risk vulnerability.
EUVDB-ID: #VU97454
Risk: High
CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2024-45409
CWE-ID:
CWE-347 - Improper Verification of Cryptographic Signature
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to bypass SAML authentication.
The vulnerability exists because the library does not properly verify the signature of the SAML Response. A remote, non-authenticated attacker with access to any SAML document signed by the IdP can forge a SAML Response/Assertion with arbitrary contents, bypass the authentication process and log in under an arbitrary account within the application.
Successful exploitation of the vulnerability may allow an attacker to compromise the affected application.
Update the ruby-saml package to version 1.13.0-1+deb12u1.
Vulnerable software versions
Debian Linux: All versions
ruby-saml (Debian package): before 1.13.0-1+deb12u1
Debian security announcement: https://lists.debian.org/debian-security-announce/2024/msg00187.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.