Ubuntu Update For Keystone USN-1641-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1641-1

Solution

Please Install the Updated Packages.

Insight

Vijaya Erukala discovered that Keystone did not properly invalidate EC2-style credentials such that if credentials were removed from a tenant, an authenticated and authorized user using those credentials may still be allowed access beyond the account owner's expectations. (CVE-2012-5571) It was discovered that Keystone did not properly implement token expiration. A remote attacker could use this to continue to access an account that is disabled or has a changed password. This issue was previously fixed as CVE-2012-3426 but was reintroduced in Ubuntu 12.10. (CVE-2012-5563)

Affected

keystone on Ubuntu 12.10 , Ubuntu 12.04 LTS

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2012-November/001906.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-3426, CVE-2012-5563, CVE-2012-5571
CVSS Base Score: 4.9
AV:N/AC:M/Au:S/C:P/I:P/A:N

Related Vulnerabilities

Ubuntu Update for keystone USN-1641-1

Take action and discover your vulnerabilities