Ubuntu Update For Keystone USN-1730-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Nathanael Burton discovered that Keystone did not properly verify disabled users. An authenticated but disabled user would continue to have access rights that were removed. (CVE-2013-0282) Jonathan Murray discovered that Keystone would allow XML entity processing. A remote unauthenticated attacker could exploit this to cause a denial of service via resource exhaustion. Authenticated users could also use this to view arbitrary files on the Keystone server. (CVE-2013-1664, CVE-2013-1665)

Affected

keystone on Ubuntu 12.10 , Ubuntu 12.04 LTS

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-February/002002.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-0282, CVE-2013-1664, CVE-2013-1665
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Ubuntu Update for cinder USN-2248-1
Ubuntu Update for apache2 USN-1903-1
Ubuntu Update for apache2 USN-1765-1
Ubuntu Update for ceilometer USN-2311-2
Ubuntu Update for bzip2 USN-1308-1

Ubuntu Update for keystone USN-1730-1

Take action and discover your vulnerabilities