—

PYSEC-2013-42

상세

The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / keystone

최초 영향 버전: 2012.2.0 수정 버전: 2013.1.4

수정 pip install --upgrade 'keystone>=2013.1.4'

참고

https://bugs.launchpad.net/keystone/+bug/1202952 [ADVISORY]
http://osvdb.org/97237 [WEB]
http://seclists.org/oss-sec/2013/q3/586 [FIX]
http://rhn.redhat.com/errata/RHSA-2013-1285.html [ADVISORY]
http://secunia.com/advisories/54706 [ADVISORY]
http://www.ubuntu.com/usn/USN-2002-1 [ADVISORY]