Executive Summary
Summary | |
---|---|
Title | OpenStack Keystone vulnerabilities |
Information | |||
---|---|---|---|
Name | USN-1875-1 | First vendor Publication | 2013-06-14 |
Vendor | Ubuntu | Last vendor Modification | 2013-06-14 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:N/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 5.5 | Attack Range | Network |
Cvss Impact Score | 4.9 | Attack Complexity | Low |
Cvss Exploit Score | 8 | Authentication | Requires single instance |
Detail
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10

Summary: Keystone did not always properly verify expired PKI tokens or properly authenticate users.

Software Description:

- keystone: OpenStack identity service

Details:

Eoghan Glynn and Alex Meade discovered that Keystone did not properly perform expiry checks for the PKI tokens used in Keystone. If Keystone were set up to use PKI tokens, a previously authenticated user could continue to use a PKI token for longer than intended. This issue only affected Ubuntu 12.10 which does not use PKI tokens by default. (CVE-2013-2104)

Jose Castro Leon discovered that Keystone did not properly authenticate users when using the LDAP backend. An attacker could obtain valid tokens and impersonate other users by supplying an empty password. By default, Ubuntu does not use the LDAP backend. (CVE-2013-2157)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 13.04:

Ubuntu 12.10:

In general, a standard system update will make all the necessary changes.

References:

Package Information:
Original Source
Url : http://www.ubuntu.com/usn/USN-1875-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-287 | Improper Authentication |
50 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:16572 | |||
Oval ID: | oval:org.mitre.oval:def:16572 | ||
Title: | USN-1851-1 -- libdmx vulnerability | ||
Description: | Several security issues were fixed in libdmx. | ||
Family: | unix | Class: | patch |
Reference(s): | usn-1851-1 CVE-2013-2104 | Version: | 5 |
Platform(s): | Ubuntu 13.04 | Product(s): | python-keystoneclient |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:17063 | |||
Oval ID: | oval:org.mitre.oval:def:17063 | ||
Title: | USN-1875-1 -- OpenStack Keystone vulnerabilities | ||
Description: | Keystone did not always properly verify expired PKI tokens or properly authenticate users. | ||
Family: | unix | Class: | patch |
Reference(s): | usn-1875-1 CVE-2013-2104 CVE-2013-2157 | Version: | 7 |
Platform(s): | Ubuntu 12.10 Ubuntu 13.04 | Product(s): | keystone |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-540.nasl - Type : ACT_GATHER_INFO |
2013-08-15 | Name : The remote Fedora host is missing a security update. File : fedora_2013-14302.nasl - Type : ACT_GATHER_INFO |
2013-08-10 | Name : The remote Fedora host is missing a security update. File : fedora_2013-10713.nasl - Type : ACT_GATHER_INFO |
2013-07-22 | Name : The remote Fedora host is missing a security update. File : fedora_2013-10467.nasl - Type : ACT_GATHER_INFO |
2013-06-14 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1875-1.nasl - Type : ACT_GATHER_INFO |
2013-06-04 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1851-1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:02:08 | |
2014-01-23 13:22:11 | |
2014-01-21 21:25:06 | |
2013-08-21 21:22:03 | |
2013-08-21 13:21:55 | |
2013-06-14 05:18:11 | |