Entr'ouvert Lasso Denial-of-Service Vulnerability in SAML Assertion Handling

Vulnerability

A denial-of-service vulnerability has been identified in Entr'ouvert Lasso versions 2.5.1 and 2.8.2. The issue is a reachable 'g_assert_not_reached' assertion: a remote attacker can send a specially crafted SAML assertion response that triggers the assertion and crashes the application. The flaw lies in the Lasso SAML library, which handles SAML authentication and assertions, and is reached by sending malformed XML data that the library parses improperly, ending in the assertion failure.

Impact

Exploitation of this vulnerability causes a crash, leading to a denial-of-service condition where the application becomes unresponsive or unavailable.

Reproduction

To reproduce this vulnerability, send a malformed SAML assertion response to an application using Entr'ouvert Lasso 2.5.1 or 2.8.2. The response should be crafted to include XML data that, when parsed, is not recognized as a comment or valid XML element, triggering the 'g_assert_not_reached' macro. This can be done by manipulating the SAML response to include invalid or unexpected XML that disrupts normal parsing, particularly avoiding nodes that are ignored by the parser, such as comments or text nodes.
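The pattern described above, a node-type switch whose default case is an "unreachable" assertion, is shown below as an added, stand-alone C example written for this page; it is not Lasso's code and does not use GLib or libxml2. The node kinds, the struct layout, the ASSERT_NOT_REACHED macro and the sample child list are all constructed for the example (the enum numbering mirrors libxml2's xmlElementType for the kinds shown, but nothing here depends on that). It contrasts the crashing pattern with the hardened form a maintainer would ship: unexpected input becomes an error returned to the caller rather than a process abort.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed node kinds; numbering follows libxml2's xmlElementType
 * for these five values, but this is a self-contained model. */
typedef enum {
    NODE_ELEMENT = 1,
    NODE_TEXT    = 3,
    NODE_CDATA   = 4,
    NODE_PI      = 7,
    NODE_COMMENT = 8
} node_type_t;

typedef struct node {
    node_type_t type;
    const char *name;   /* element name, NULL for non-element nodes */
    struct node *next;
} node_t;

/* Stand-in for GLib's g_assert_not_reached(): prints and aborts. */
#define ASSERT_NOT_REACHED() do {                                          \
    fprintf(stderr, "%s:%d: code should not be reached\n", __FILE__, __LINE__); \
    abort();                                                               \
} while (0)

/* Vulnerable pattern: the switch assumes only elements, text and comments
 * can appear. Any other node kind (a processing instruction, a CDATA
 * section, ...) reaches the "unreachable" assertion and kills the process.
 * Returns the number of element children. */
int count_children_vulnerable(const node_t *n)
{
    int elements = 0;
    for (; n != NULL; n = n->next) {
        switch (n->type) {
        case NODE_ELEMENT:
            elements++;
            break;
        case NODE_TEXT:
        case NODE_COMMENT:
            break;              /* ignored by the parser */
        default:
            ASSERT_NOT_REACHED();
        }
    }
    return elements;
}

/* Hardened pattern: unexpected input is a parse error reported to the
 * caller, not an invariant violation. Returns the number of element
 * children, or -1 if an unsupported node kind was encountered. */
int count_children_hardened(const node_t *n)
{
    int elements = 0;
    for (; n != NULL; n = n->next) {
        switch (n->type) {
        case NODE_ELEMENT:
            elements++;
            break;
        case NODE_TEXT:
        case NODE_COMMENT:
            break;              /* ignored, as before */
        default:
            return -1;          /* reject the message, keep the service up */
        }
    }
    return elements;
}

/* Constructed sample child list of an <Assertion> element. */
static node_t n3 = { NODE_COMMENT, NULL,      NULL };
static node_t n2 = { NODE_ELEMENT, "Subject", &n3 };
static node_t n1 = { NODE_ELEMENT, "Issuer",  &n2 };
/* Same list with an unexpected node kind placed in front of it. */
static node_t pi = { NODE_PI,      NULL,      &n1 };

int main(void)
{
    printf("well-formed list: %d element children\n",
           count_children_hardened(&n1));
    if (count_children_hardened(&pi) < 0)
        printf("unexpected node kind rejected without aborting\n");
    /* count_children_vulnerable(&pi) would abort the process here. */
    return 0;
}
```

The defensive rule the hardened variant follows is that an assertion macro documents an invariant about the program's own state, never a property of attacker-controlled input; every node kind the parser can hand back needs an explicit branch or an error return.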

Remediation

Users can update to Entr'ouvert Lasso versions 2.5.2 or 2.8.3, where this vulnerability has been patched.

Added: Nov 5, 2025, 3:26 PM
Updated: Nov 5, 2025, 5:42 PM

Vulnerability Rating

Custom Algorithm
  spread           1.0
  impact           2.5
  exploitability   9.3
  remediation      7.7
  relevance        0.9
  threat           4.8
  urgency          2.9
  incentive       10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.