Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <53343D02.7080904@enovance.com>
Date: Thu, 27 Mar 2014 16:00:18 +0100
From: Tristan Cacqueray <tristan.cacqueray@...vance.com>
To: oss-security@...ts.openwall.com
Subject: [OSSA 2014-007] Potential context confusion in Keystone middleware
 (CVE-2014-0105)

OpenStack Security Advisory: 2014-007
CVE: CVE-2014-0105
Date: March 27, 2014
Title: Potential context confusion in Keystone middleware
Reporter: Kieran Spear (University of Melbourne)
Products: python-keystoneclient
Versions: All versions up to 0.6.0

Description:
Kieran Spear from the University of Melbourne reported a vulnerability
in Keystone auth_token middleware (shipped in python-keystoneclient). By
doing repeated requests, with sufficient load on the target system, an
authenticated user may in certain situations assume another
authenticated user's complete identity and multi-tenant authorizations,
potentially resulting in a privilege escalation. Note that it is related
to a bad interaction between eventlet and python-memcached that should
be avoided if the calling process already monkey-patches "thread" to use
eventlet. Only keystone middleware setups using auth_token with memcache
are vulnerable.

python-keystoneclient fix (included in 0.7.0 release):
https://review.openstack.org/81078

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0105
https://bugs.launchpad.net/bugs/1282865

-- 
Tristan Cacqueray
OpenStack Vulnerability Management Team




Download attachment "signature.asc" of type "application/pgp-signature" (556 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.