Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt (rather than C:\Program Files) by default. NOTE: the vendor disputes the significance of this report, stating that "We consider the ACLs a best effort thing" and "it was a documentation mistake."
References
Link | Resource |
---|---|
https://shibboleth.atlassian.net/browse/SSPCPP-961 | Exploit Issue Tracking Third Party Advisory |
https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065335545/Install+on+Windows#Restricting-ACLs | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
11 Apr 2024, 01:18
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
07 Nov 2023, 04:07
Type | Values Removed | Values Added |
---|---|---|
Summary | Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt (rather than C:\Program Files) by default. NOTE: the vendor disputes the significance of this report, stating that "We consider the ACLs a best effort thing" and "it was a documentation mistake." |
23 Jan 2023, 15:26
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.3 |
First Time |
Microsoft windows
Microsoft Shibboleth Shibboleth service Provider |
|
CWE | CWE-427 | |
CPE | cpe:2.3:a:shibboleth:service_provider:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
|
References | (MISC) https://shibboleth.atlassian.net/browse/SSPCPP-961 - Exploit, Issue Tracking, Third Party Advisory | |
References | (MISC) https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065335545/Install+on+Windows#Restricting-ACLs - Third Party Advisory |
11 Jan 2023, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-11 02:15
Updated : 2024-04-11 01:18
NVD link : CVE-2023-22947
Mitre link : CVE-2023-22947
CVE.ORG link : CVE-2023-22947
JSON object : View
Products Affected
microsoft
- windows
shibboleth
- service_provider
CWE
CWE-427
Uncontrolled Search Path Element