Ubuntu Update For Keystone USN-1552-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1552-1

Solution

Please Install the Updated Packages.

Insight

Dolph Mathews discovered that OpenStack Keystone did not properly restrict to administrative users the ability to update users' tenants. A remote attacker that can reach the administrative API can use this to add any user to any tenant. (CVE-2012-3542) Derek Higgins discovered that OpenStack Keystone did not properly implement token expiration. A remote attacker could use this to continue to access an account that has been disabled or has a changed password. (CVE-2012-3426)

Affected

keystone on Ubuntu 12.04 LTS

Severity

Classification

CVE CVE-2012-3426, CVE-2012-3542

CVSS	Base Score: 4.9 AV:N/AC:M/Au:S/C:P/I:P/A:N

Related Vulnerabilities

Ubuntu Update for dovecot USN-1143-1
Ubuntu Update for apache2 USN-1903-1
Ubuntu Update for dovecot USN-2213-1
Ubuntu Update for cupsys vulnerability USN-606-1
Ubuntu Update for curl USN-2048-1

Ubuntu Update for keystone USN-1552-1

Take action and discover your vulnerabilities