Entr'ouvert Lasso Denial-of-Service Vulnerability in SAML Signature Verification

Vulnerability

A denial-of-service vulnerability has been identified in Entr'ouvert Lasso version 2.5.1, specifically within the 'lasso_provider_verify_saml_signature' function. This vulnerability arises from a null pointer dereference caused by improper handling of SAML response namespaces. An attacker can exploit this by sending a crafted SAML response, leading to a crash of the application processing the response.

Impact

Exploitation of this vulnerability causes a null pointer dereference, leading to a segmentation fault and application crash, disrupting service availability.

Reproduction

The vulnerability can be reproduced by sending a malformed SAML response that triggers the 'lasso_provider_verify_saml_signature' function. The response must be crafted to include a namespace prefix that is not defined, causing the library to attempt to read an undefined value, which results in a null pointer dereference. This can be done using a SAML response that intentionally omits or misdefines necessary namespace declarations.

Remediation

Users are advised to update to the latest version of Entr'ouvert Lasso, as the vulnerability has been patched in version 2.5.1.
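
As a stopgap in front of the library, a service can refuse SAML messages that use an undeclared namespace prefix before they reach signature verification. The Python gate below is an added example, not code from Lasso or from this advisory; the function names and both sample messages are constructed, and it checks element and attribute names only (prefixes inside attribute values are not inspected).

```python
import xml.parsers.expat

def undeclared_prefixes(xml_bytes):
    """List (prefix, qualified_name) for every element or attribute name
    whose prefix has no xmlns declaration in scope."""
    scopes = [{"xml"}]      # 'xml' is bound implicitly by the Namespaces spec
    findings = []

    def is_decl(attr):
        return attr == "xmlns" or attr.startswith("xmlns:")

    def start(name, attrs):
        # Declarations on this element are in scope for the element itself.
        declared = set(scopes[-1])
        declared.update(a[6:] for a in attrs if a.startswith("xmlns:"))
        scopes.append(declared)
        for qname in [name] + [a for a in attrs if not is_decl(a)]:
            prefix, sep, _ = qname.partition(":")
            if sep and prefix not in declared:
                findings.append((prefix, qname))

    def end(_name):
        scopes.pop()

    # No namespace_separator: expat reports raw qualified names and does not
    # abort on unbound prefixes, so every offender can be collected.
    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.Parse(xml_bytes, True)
    return findings

def safe_to_verify(xml_bytes):
    """Fail closed: reject on any XML error or undeclared prefix."""
    try:
        return not undeclared_prefixes(xml_bytes)
    except xml.parsers.expat.ExpatError:
        return False

# Constructed sample messages (not taken from the advisory).
GOOD = (b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        b'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1">'
        b'<saml:Issuer>https://idp.example/</saml:Issuer>'
        b'<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>'
        b'</samlp:Response>')
BAD = GOOD.replace(b' xmlns:ds="http://www.w3.org/2000/09/xmldsig#"', b'')

if __name__ == "__main__":
    for label, msg in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, safe_to_verify(msg), undeclared_prefixes(msg))
```

Logging the returned (prefix, name) pairs for rejected messages gives responders a record of which sender submitted the malformed response.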

Added: Nov 5, 2025, 3:27 PM
Updated: Nov 5, 2025, 5:43 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 2.5
exploitability: 9.7
remediation: 7.7
relevance: 1.0
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.