Ubuntu Update For Keystone USN-1552-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1552-1

Solution

Please Install the Updated Packages.

Insight

Dolph Mathews discovered that OpenStack Keystone did not properly restrict to administrative users the ability to update users' tenants. A remote attacker that can reach the administrative API can use this to add any user to any tenant. (CVE-2012-3542) Derek Higgins discovered that OpenStack Keystone did not properly implement token expiration. A remote attacker could use this to continue to access an account that has been disabled or has a changed password. (CVE-2012-3426)

Affected

keystone on Ubuntu 12.04 LTS

Severity

Classification

CVE CVE-2012-3426, CVE-2012-3542
CVSS Base Score: 4.9
AV:N/AC:M/Au:S/C:P/I:P/A:N

Related Vulnerabilities

Ubuntu Update for colord USN-1289-1
Ubuntu Update for clamav USN-2157-1
Ubuntu Update for avahi vulnerability USN-402-1
Ubuntu Update for clamav vulnerabilities USN-945-1
Ubuntu Update for cinder USN-1731-1

Ubuntu Update for keystone USN-1552-1

Take action and discover your vulnerabilities