
[upki-fed:01087] [Supplementary Information] [Alert] Regarding the Shibboleth IdP vulnerability



To all participants of the GakuNin information exchange ML:
This is Noda (野田) of the GakuNin Secretariat, National Institute of Informatics.
Thank you, as always, for your cooperation in the operation of GakuNin.

We are writing to share information on the vulnerability in the LDAP result caching
feature of "Shibboleth IdP," which we announced on November 1, 2016.


Shibboleth IdP V3.3.0 ([2]) was released on November 11, 2016.
Institutions that need the LDAP result caching feature should update after the
3.3.0 release and then configure the <ResultCache> element again.

In addition, V3.3.0 also fixes the defect in which "no timeout is set on LDAP
connections, so the IdP locks up when the network environment is unstable." ([3][4][5])




References:

[1] [upki-fed:01079] [Alert] Regarding the Shibboleth IdP vulnerability
https://www.gakunin.jp/ml-archives/upki-fed/msg01067.html

[2] Shibboleth Identity Provider V3.3.0 Released
https://wiki.shibboleth.net/confluence/display/NEWS/2016/11/10/Shibboleth+Identity+Provider+V3.3.0+Released

[3] shibboleth-users ML
https://marc.info/?t=147387654300001&r=1&w=2

[4] GitHub vt-middleware/ldaptive
https://github.com/vt-middleware/ldaptive/issues/81

[5] Set default responseTimeout for LDAP auth
https://issues.shibboleth.net/jira/browse/IDP-986







On 2016/11/01 10:34, GakuNin Secretariat, Suenaga (末永) wrote:
To all participants of the GakuNin information exchange mailing list:
This is the GakuNin Secretariat, National Institute of Informatics.
Thank you for your ongoing cooperation in the operation of GakuNin.

From the Shibboleth Project, a vulnerability concerning Shibboleth IdP [...]. If [...],
this vulnerability [...]. If [...], the <ResultCache> element is not
  defined.

Please check your Shibboleth IdP configuration and, if the <ResultCache> element
is defined, take the action described below.

----------------------------------------------------------------------

- Remove the <ResultCache> element from attribute-resolver.xml and restart
  Shibboleth IdP to disable the LDAP result caching feature.

- This vulnerability [...]. If [...], update after the 3.3.0 release and then
  configure the <ResultCache> element again.

----------------------------------------------------------------------

For details, please see the references below.

References:

[1] Shibboleth Identity Provider Security Advisory [27 October 2016]
http://shibboleth.net/community/advisories/secadv_20161027.txt



--
=========================================================
  National Institute of Informatics, Academic Infrastructure Division, GakuNin Secretariat (Contact: Noda)
  TEL: 03-4212-2218  xxxxxxxxxxxxxxx@xxxxxxxxx
  GakuNin web page    https://www.gakunin.jp/
  Application system  https://office.gakunin.nii.ac.jp/
=========================================================
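
A check for the step requested in the notice above (confirm whether a <ResultCache> element is defined in attribute-resolver.xml), as an added example that is not part of the original mails or of the Shibboleth project's tooling. The sample XML, the connector ids and the function name `find_result_caches` are constructed for illustration; elements are matched by local name, and commented-out elements are not reported.

```python
import sys
import xml.parsers.expat

# Constructed sample in the shape of an attribute-resolver.xml; the connector
# ids and the bare <dc:ResultCache/> element are illustrative assumptions.
SAMPLE = """\
<resolver:AttributeResolver
    xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
    xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory">
    <dc:ResultCache/>
  </resolver:DataConnector>
  <resolver:DataConnector id="staffLDAP" xsi:type="dc:LDAPDirectory">
    <!-- <dc:ResultCache/> already removed -->
  </resolver:DataConnector>
</resolver:AttributeResolver>
"""

def find_result_caches(xml_text):
    """Return (enclosing DataConnector id, line number) per active ResultCache."""
    hits, connectors = [], []
    parser = xml.parsers.expat.ParserCreate()

    def local(name):
        return name.rsplit(":", 1)[-1]      # drop any namespace prefix

    def start(name, attrs):
        if local(name) == "DataConnector":
            connectors.append(attrs.get("id", "(no id)"))
        elif local(name) == "ResultCache":
            owner = connectors[-1] if connectors else None
            hits.append((owner, parser.CurrentLineNumber))

    def end(name):
        if local(name) == "DataConnector" and connectors:
            connectors.pop()

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.Parse(xml_text, True)            # comments never reach the handlers
    return hits

if __name__ == "__main__":
    # Pass the path to your attribute-resolver.xml, or run on the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    for owner, line in find_result_caches(text):
        print(f"ResultCache in DataConnector {owner!r} at line {line}")
```

An empty result means no active <ResultCache> element was found in that file; a plain text search would also match the commented-out one.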