Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt (rather than C:\Program Files) by default. NOTE: the vendor disputes the significance of this report, stating that "We consider the ACLs a best effort thing" and "it was a documentation mistake."
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-01-11T00:00:00
Updated: 2024-08-02T10:20:31.400Z
Reserved: 2023-01-11T00:00:00
Link: CVE-2023-22947
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-01-11T02:15:11.550
Modified: 2024-11-21T07:45:41.930
Link: CVE-2023-22947
Redhat
No data.