Ubuntu Update For Keystone USN-1875-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Eoghan Glynn and Alex Meade discovered that Keystone did not properly perform expiry checks for the PKI tokens used in Keystone. If Keystone were setup to use PKI tokens, a previously authenticated user could continue to use a PKI token for longer than intended. This issue only affected Ubuntu 12.10 which does not use PKI tokens by default. (CVE-2013-2104) Jose Castro Leon discovered that Keystone did not properly authenticate users when using the LDAP backend. An attacker could obtain valid tokens and impersonate other users by supplying an empty password. By default, Ubuntu does not use the LDAP backend. (CVE-2013-2157)

Affected

keystone on Ubuntu 13.04 , Ubuntu 12.10

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-June/002159.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-2104, CVE-2013-2157
CVSS Base Score: 5.5
AV:N/AC:L/Au:S/C:N/I:P/A:P

Related Vulnerabilities

Ubuntu Update for acpi-support USN-2297-1
Ubuntu Update for cupsys vulnerability USN-606-1
Ubuntu Update for apparmor USN-1430-4
Ubuntu Update for cmake vulnerabilities USN-890-6
Ubuntu Update for apt-xapian-index USN-1955-1

Ubuntu Update for keystone USN-1875-1

Take action and discover your vulnerabilities