Date: Thu, 09 May 2013 17:15:44 +0200
From: Thierry Carrez <thierry@...nstack.org>
To: "openstack@...ts.launchpad.net" <openstack@...ts.launchpad.net>, 
 oss-security@...ts.openwall.com, openstack-announce@...ts.openstack.org
Subject: [OSSA 2013-010] Nova uses insecure keystone middleware tmpdir by
 default (CVE-2013-2030)

OpenStack Security Advisory: 2013-010
CVE: CVE-2013-2030
Date: May 9, 2013
Title: Nova uses insecure keystone middleware tmpdir by default
Reporter: Grant Murphy (Red Hat), Anton Lundin
Products: Nova
Affects: Folsom, Grizzly

Description:
Grant Murphy from Red Hat and Anton Lundin both independently reported a
vulnerability in Nova's default location for the Keystone middleware
signing directory (signing_dir). By previously setting up a malicious
directory structure, an attacker with local shell access on the Nova
node could potentially issue forged tokens that would be accepted by the
middleware. Only setups that use the default value for signing_dir are
affected. Note that future versions of the Keystone middleware will
issue a warning if an insecure signing directory is used.
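The weakness described above is a shared, predictable signing directory that a local user can populate before the middleware first uses it. The following is an added illustration of the defensive policy the advisory alludes to (the warning future middleware versions would emit), written for this page; it is not Nova or Keystone middleware code, and every function name in it is hypothetical. It refuses a signing directory that is a symlink, is not owned by the running user, or is writable by group or others, and creates a missing directory with mode 0700 instead of relying on the umask. `make_demo_dirs()` builds a constructed scenario in a fresh temporary directory so the checks can be exercised offline.

```python
"""Defensive ownership/permission policy for a token-signing directory.

Illustrative code written for this advisory page (not Keystone or Nova
code).  It models the check a middleware could run before trusting the
certificates and revocation data cached under signing_dir.
"""
import os
import stat
import tempfile


class InsecureSigningDir(Exception):
    """Raised when signing_dir fails the ownership/permission policy."""


def signing_dir_problems(path):
    """Return a list of human-readable problems with `path` (empty if safe)."""
    problems = []
    # A symlink lets another user redirect the directory; reject it outright.
    if os.path.islink(path):
        problems.append("is a symbolic link")
        return problems
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode):
        problems.append("is not a directory")
        return problems
    # Only the service account should own the directory.
    if st.st_uid != os.geteuid():
        problems.append("is not owned by the current user (uid %d, expected %d)"
                        % (st.st_uid, os.geteuid()))
    # Group/other write permission would let a local user plant files.
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("is writable by group or others (mode %o)"
                        % stat.S_IMODE(st.st_mode))
    return problems


def ensure_signing_dir(path):
    """Create `path` with mode 0700 if absent, then verify it is safe.

    Returns the path on success; raises InsecureSigningDir otherwise.
    The explicit mode means the umask can only narrow it, never widen it.
    A directory that appears between lexists() and mkdir() belongs to
    someone else, so mkdir raising FileExistsError is the desired outcome.
    """
    if not os.path.lexists(path):
        os.mkdir(path, 0o700)
    problems = signing_dir_problems(path)
    if problems:
        raise InsecureSigningDir("%s: %s" % (path, "; ".join(problems)))
    return path


def make_demo_dirs():
    """Constructed scenario: a world-writable shared dir, a private dir, a symlink."""
    base = tempfile.mkdtemp(prefix="signing-demo-")
    shared = os.path.join(base, "shared")
    os.mkdir(shared)
    os.chmod(shared, 0o777)  # mimics a shared, pre-creatable location
    private = ensure_signing_dir(os.path.join(base, "private"))
    link = os.path.join(base, "link")
    os.symlink(private, link)
    return {"shared": shared, "private": private, "link": link}


if __name__ == "__main__":
    dirs = make_demo_dirs()
    for name, path in dirs.items():
        problems = signing_dir_problems(path)
        print("%-8s %s" % (name, "ok" if not problems else "; ".join(problems)))
```

Operators on affected releases should set `signing_dir` explicitly in the Nova configuration to a directory created for the service account with these properties, rather than rely on any default.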

Havana (development branch) fix:
https://review.openstack.org/#/c/28568/

Grizzly fix:
https://review.openstack.org/#/c/28569/

Folsom fix:
https://review.openstack.org/#/c/28570/

References:
https://bugs.launchpad.net/nova/+bug/1174608
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2030

-- 
Thierry Carrez (ttx)
OpenStack Vulnerability Management Team
