Date: Fri, 15 Aug 2014 02:24:46 -0400 (EDT)
From: cve-assign@...re.org
To: tristan.cacqueray@...vance.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request for vulnerability in OpenStack Keystone

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Multiple vulnerabilities in Keystone revocation events


> https://launchpad.net/bugs/1347961

> When MySQL is used to store revocation events, events are returned
> from the database with the timestamps truncated to the second. This
> causes a revocation event for a token (which has the issued_at
> timestamp to the microsecond) to not match

Use CVE-2014-5251.


> https://launchpad.net/bugs/1348820

> When the server converted a V2 token to a V3 token it regenerated the
> issued_at time ... This was causing the server to fail to revoke a V2
> token

Use CVE-2014-5252.


> https://launchpad.net/bugs/1349597

> A token scoped to a domain wouldn't be revoked for a domain-wide
> revocation event.

Use CVE-2014-5253.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

-----END PGP SIGNATURE-----
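
An added example, not part of the original message and not Keystone's code: a minimal model of how the timestamp truncation (CVE-2014-5251) and the regenerated issued_at (CVE-2014-5252) described in the quoted reports make a revocation event miss a token. The matching rule (`issued_at <= issued_before`), the function names and the sample timestamps are assumptions made for illustration.

```python
from datetime import datetime, timedelta

def store_and_load(ts):
    """Model a DATETIME column with whole-second precision (assumption):
    the fractional part is lost on the round trip through the database."""
    return ts.replace(microsecond=0)

def matches_naive(token_issued_at, event_issued_before):
    # Assumed matching rule: an event covers tokens issued at or before it.
    return token_issued_at <= event_issued_before

def matches_normalized(token_issued_at, event_issued_before):
    # Compare both sides at the precision the store can hold. A token issued
    # later in the same second as the event is also rejected (fails closed).
    return store_and_load(token_issued_at) <= store_and_load(event_issued_before)

def convert_token(issued_at, now, preserve_issued_at):
    # Model of a token format conversion: regenerating issued_at moves the
    # token past every earlier revocation event.
    return issued_at if preserve_issued_at else now

def demo():
    # Constructed sample values, not taken from the bug reports.
    issued = datetime(2014, 8, 1, 12, 0, 0, 250000)
    revoked = issued + timedelta(microseconds=500000)   # same second
    event_from_db = store_and_load(revoked)             # 12:00:00.000000
    results = {
        "in_memory_event": matches_naive(issued, revoked),
        "truncated_event": matches_naive(issued, event_from_db),
        "normalized": matches_normalized(issued, event_from_db),
    }
    # Token converted one minute after the revocation.
    now = revoked + timedelta(minutes=1)
    results["regenerated"] = matches_naive(convert_token(issued, now, False), revoked)
    results["preserved"] = matches_naive(convert_token(issued, now, True), revoked)
    # A token issued two seconds after the event must stay valid.
    results["later_token"] = matches_normalized(
        revoked + timedelta(seconds=2), event_from_db)
    return results

if __name__ == "__main__":
    for name, matched in demo().items():
        print(f"{name:16} revoked={matched}")
```

Normalizing to whole seconds trades a sub-second window of over-revocation for never missing a token; storing timestamps at full precision avoids that trade-off.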
