Date: Tue, 23 Apr 2013 23:47:34 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: Open Source Security <oss-security@...ts.openwall.com>,
        Thierry Carrez <thierry@...nstack.org>
Subject: CVE-2013-2006 OpenStack keystone LDAP password disclosure in log files

So as part of https://bugs.launchpad.net/ossn/+bug/1168252 we have
CVE-2013-1977 for the insecure file permissions (devstack/etc.). We
also have the password being logged and exposed in the log files:

https://review.openstack.org/#/c/26826/2/keystone/common/config.py

Please use CVE-2013-2006 for this issue (password being logged to the
log file).

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
