Ubuntu Update For Keystone USN-2061-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Steven Hardy discovered that Keystone did not properly enforce trusts when using the ec2tokens API. An authenticated attacker could exploit this to retrieve a token not scoped to the trust and elevate privileges to the trustor's roles.

Affected

keystone on Ubuntu 13.10

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-December/002350.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-6391

CVSS	Base Score: 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Ubuntu Update for apparmor USN-1676-1
Ubuntu Update for commons-daemon USN-1298-1
Ubuntu Update for apache2 USN-2152-1
Ubuntu Update for dovecot vulnerabilities USN-1059-1
Ubuntu Update for clamav USN-2157-1

Ubuntu Update for keystone USN-2061-1

Take action and discover your vulnerabilities