ID CVE-2015-1852 Type cve Reporter NVD Modified 2016-12-23T21:59:06
Description
The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144.
{"title": "CVE-2015-1852", "reporter": "NVD", "enchantments": {"score": {"vector": "NONE", "value": 4.3}, "vulnersScore": 4.3}, "published": "2015-04-17T13:59:02", "cvelist": ["CVE-2015-1852"], "viewCount": 2, "objectVersion": "1.2", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1852", "bulletinFamily": "NVD", "hashmap": [{"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "8ba0923dfe5ef2d03e6d22a3479f4239", "key": "cpe"}, {"hash": "1085e5e204bcd591706a7f4627ea4e6c", "key": "cvelist"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "6747a22760bcec85d310a55fd8a17c1e", "key": "description"}, {"hash": "07c9d985efe9d820253a250ccdb83363", "key": "href"}, {"hash": "12458f062704a7394a3fe0a59424c88f", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "741ea96d0388f91d380b00c437b804dc", "key": "published"}, {"hash": "8a72a13454ab1612c93dd40c65492607", "key": "references"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "3a96e93d98be0496cf971c6322b2b4de", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}], "history": [{"bulletin": {"reporter": "NVD", "published": "2015-04-17T13:59:02", "cvelist": ["CVE-2015-1852"], "title": "CVE-2015-1852", "objectVersion": "1.2", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1852", "bulletinFamily": "NVD", "id": "CVE-2015-1852", "history": [], "scanner": [], "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~", "cpe:/a:openstack:python-keystoneclient:1.3.0", "cpe:/a:openstack:keystonemiddleware:1.5.0"], "modified": "2016-08-02T14:30:44", "hash": "c1cb202a8d312c47b1c8555735c0a3bd9ab1c6b645824d05f39a66f05feca20b", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "viewCount": 0, "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "references": ["http://lists.openstack.org/pipermail/openstack-announce/2015-April/000350.html", "http://www.securityfocus.com/bid/74187", "http://www.ubuntu.com/usn/USN-2705-1", "https://bugs.launchpad.net/keystonemiddleware/+bug/1411063"], "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "741ea96d0388f91d380b00c437b804dc", "key": "published"}, {"hash": "4b4370f118a3736c1ab5ec3563292e9d", "key": "references"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "8ba0923dfe5ef2d03e6d22a3479f4239", "key": "cpe"}, {"hash": "07c9d985efe9d820253a250ccdb83363", "key": "href"}, {"hash": "a6c532fed3e983ebe189a45491fbdd13", "key": "modified"}, {"hash": "1085e5e204bcd591706a7f4627ea4e6c", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "3a96e93d98be0496cf971c6322b2b4de", "key": "title"}, {"hash": "6747a22760bcec85d310a55fd8a17c1e", "key": "description"}], "lastseen": "2016-09-03T22:12:35", "description": "The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the \"insecure\" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144."}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T22:12:35"}], "scanner": [], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "modified": "2016-12-23T21:59:06", "hash": "e7bae588e752dc2619246085b26fee446b56143f2d04595239e779d0166bd97f", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~", "cpe:/a:openstack:python-keystoneclient:1.3.0", "cpe:/a:openstack:keystonemiddleware:1.5.0"], "edition": 2, "description": "The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the \"insecure\" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144.", "references": ["http://lists.openstack.org/pipermail/openstack-announce/2015-April/000350.html", "http://www.securityfocus.com/bid/74187", "http://www.ubuntu.com/usn/USN-2705-1", "http://rhn.redhat.com/errata/RHSA-2015-1685.html", "http://rhn.redhat.com/errata/RHSA-2015-1677.html", "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "https://bugs.launchpad.net/keystonemiddleware/+bug/1411063"], "id": "CVE-2015-1852", "lastseen": "2017-04-18T15:56:15", "assessment": {"name": "", "href": "", "system": ""}}
{"openvas": [{"lastseen": "2018-09-01T23:51:51", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2015-July/162186.html", "2015-11656"], "pluginID": "1361412562310869782", "description": "Check the version of python-keystonemiddleware", "edition": 4, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-07-19T00:00:00", "title": "Fedora Update for python-keystonemiddleware FEDORA-2015-11656", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1852"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310869782", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869782", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python-keystonemiddleware FEDORA-2015-11656\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869782\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-19 06:38:48 +0200 (Sun, 19 Jul 2015)\");\n script_cve_id(\"CVE-2015-1852\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for python-keystonemiddleware FEDORA-2015-11656\");\n script_tag(name: \"summary\", value: \"Check the version of python-keystonemiddleware\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"This package contains middleware modules designed to provide authentication\nand authorization features to web services other than OpenStack Keystone.\nThe most prominent module is keystonemiddleware.auth_token.\nThis package does not expose any CLI or Python API features.\n\");\n script_tag(name: \"affected\", value: \"python-keystonemiddleware on Fedora 22\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-11656\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-July/162186.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"python-keystonemiddleware\", rpm:\"python-keystonemiddleware~1.3.2~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:50:41", "references": ["http://www.ubuntu.com/usn/usn-2705-1/", "2705-1"], "pluginID": "1361412562310842402", "description": "Check the version of python-keystoneclient", "edition": 8, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-08-06T00:00:00", "title": "Ubuntu Update for python-keystoneclient USN-2705-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1852", "CVE-2014-7144"], "modified": "2018-08-17T00:00:00", "id": "OPENVAS:1361412562310842402", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842402", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for python-keystoneclient USN-2705-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842402\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-06 07:02:07 +0200 (Thu, 06 Aug 2015)\");\n script_cve_id(\"CVE-2014-7144\", \"CVE-2015-1852\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for python-keystoneclient USN-2705-1\");\n script_tag(name:\"summary\", value:\"Check the version of python-keystoneclient\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Qin Zhao discovered Keystone disabled\ncertification verification when the 'insecure' option is set in a paste\nconfiguration (paste.ini) file regardless of the value, which allows remote\nattackers to conduct man-in-the-middle attacks via a crafted certificate.\n(CVE-2014-7144)\n\nBrant Knudson discovered Keystone disabled certification verification when\nthe 'insecure' option is set in a paste configuration (paste.ini)\nfile regardless of the value, which allows remote attackers to conduct\nman-in-the-middle attacks via a crafted certificate. (CVE-2015-1852)\");\n script_tag(name:\"affected\", value:\"python-keystoneclient on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2705-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2705-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-keystoneclient\", ver:\"1:0.7.1-ubuntu1.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2018-09-01T23:53:34", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1209527", "http://www.nessus.org/u?d3981e19"], "pluginID": "84855", "description": "Update to upstream 1.3.2 which incldes fix for CVE-2015-1852 Update to upstream 1.3.1 + S3token incorrect condition expression for ssl_insecure CVE-2015-1852\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2015-07-20T00:00:00", "title": "Fedora 22 : python-keystonemiddleware-1.3.2-1.fc22 (2015-11656)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1852"], "modified": "2015-10-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:python-keystonemiddleware", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-11656.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84855", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-11656.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84855);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:49:05 $\");\n\n script_cve_id(\"CVE-2015-1852\");\n script_xref(name:\"FEDORA\", value:\"2015-11656\");\n\n script_name(english:\"Fedora 22 : python-keystonemiddleware-1.3.2-1.fc22 (2015-11656)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to upstream 1.3.2 which incldes fix for CVE-2015-1852 Update to\nupstream 1.3.1 + S3token incorrect condition expression for\nssl_insecure CVE-2015-1852\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1209527\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-July/162186.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d3981e19\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-keystonemiddleware package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python-keystonemiddleware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"python-keystonemiddleware-1.3.2-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-keystonemiddleware\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:58:39", "references": [], "pluginID": "85253", "description": "Qin Zhao discovered Keystone disabled certification verification when the 'insecure' option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate. (CVE-2014-7144)\n\nBrant Knudson discovered Keystone disabled certification verification when the 'insecure' option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate. (CVE-2015-1852).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2015-08-06T00:00:00", "title": "Ubuntu 14.04 LTS / 15.04 : python-keystoneclient, python-keystonemiddleware vulnerabilities (USN-2705-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1852", "CVE-2014-7144"], "modified": "2018-08-03T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "p-cpe:/a:canonical:ubuntu_linux:python-keystoneclient", "p-cpe:/a:canonical:ubuntu_linux:python-keystonemiddleware", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2705-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85253", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2705-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85253);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/08/03 12:21:25\");\n\n script_cve_id(\"CVE-2014-7144\", \"CVE-2015-1852\");\n script_xref(name:\"USN\", value:\"2705-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 15.04 : python-keystoneclient, python-keystonemiddleware vulnerabilities (USN-2705-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Qin Zhao discovered Keystone disabled certification verification when\nthe 'insecure' option is set in a paste configuration (paste.ini) file\nregardless of the value, which allows remote attackers to conduct\nman-in-the-middle attacks via a crafted certificate. (CVE-2014-7144)\n\nBrant Knudson discovered Keystone disabled certification verification\nwhen the 'insecure' option is set in a paste configuration (paste.ini)\nfile regardless of the value, which allows remote attackers to conduct\nman-in-the-middle attacks via a crafted certificate. (CVE-2015-1852).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected python-keystoneclient and / or\npython-keystonemiddleware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-keystoneclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-keystonemiddleware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(14\\.04|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python-keystoneclient\", pkgver:\"1:0.7.1-ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"python-keystoneclient\", pkgver:\"1:1.2.0-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"python-keystonemiddleware\", pkgver:\"1.5.0-0ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-keystoneclient / python-keystonemiddleware\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:11:01", "references": [], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2705-1\r\nAugust 06, 2015\r\n\r\npython-keystoneclient, python-keystonemiddleware vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n\r\nSummary:\r\n\r\nKeystone could be made to expose sensitive information over the\r\nnetwork.\r\n\r\nSoftware Description:\r\n- python-keystoneclient: Client library for OpenStack Identity API\r\n- python-keystonemiddleware: Client library for OpenStack Identity API\r\n\r\nDetails:\r\n\r\nQin Zhao discovered Keystone disabled certification verification when\r\nthe "insecure" option is set in a paste configuration (paste.ini)\r\nfile regardless of the value, which allows remote attackers to conduct\r\nman-in-the-middle attacks via a crafted certificate. (CVE-2014-7144)\r\n\r\nBrant Knudson discovered Keystone disabled certification verification when\r\nthe "insecure" option is set in a paste configuration (paste.ini)\r\nfile regardless of the value, which allows remote attackers to conduct\r\nman-in-the-middle attacks via a crafted certificate. (CVE-2015-1852)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.04:\r\n python-keystoneclient 1:1.2.0-0ubuntu1.1\r\n python-keystonemiddleware 1.5.0-0ubuntu1.1\r\n\r\nUbuntu 14.04 LTS:\r\n python-keystoneclient 1:0.7.1-ubuntu1.2\r\n\r\nAfter a standard system update you need to restart Keystone to make\r\nall the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2705-1\r\n CVE-2014-7144, CVE-2015-1852\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/python-keystoneclient/1:1.2.0-0ubuntu1.1\r\n https://launchpad.net/ubuntu/+source/python-keystonemiddleware/1.5.0-0ubuntu1.1\r\n https://launchpad.net/ubuntu/+source/python-keystoneclient/1:0.7.1-ubuntu1.2\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2015-08-24T00:00:00", "title": "[USN-2705-1] Keystone vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:11:01", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-1852", "CVE-2014-7144"], "modified": "2015-08-24T00:00:00", "id": "SECURITYVULNS:DOC:32426", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32426", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:02", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32426"], "description": "Certificates validation bypass.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-08-24T00:00:00", "title": "OpenStack Keystone restrictions bypass", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:02", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-1852", "CVE-2014-7144"], "modified": "2015-08-24T00:00:00", "id": "SECURITYVULNS:VULN:14650", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14650", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:52", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2014-7144", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-1852"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "15.04", "packageVersion": "1:1.2.0-0ubuntu1.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python-keystoneclient", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1:0.7.1-ubuntu1.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python-keystoneclient", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "15.04", "packageVersion": "1.5.0-0ubuntu1.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python-keystonemiddleware", "operator": "lt"}], "description": "Qin Zhao discovered Keystone disabled certification verification when the \u201cinsecure\u201d option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate. (CVE-2014-7144)\n\nBrant Knudson discovered Keystone disabled certification verification when the \u201cinsecure\u201d option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate. (CVE-2015-1852)", "edition": 3, "reporter": "Ubuntu", "published": "2015-08-06T00:00:00", "title": "Keystone vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-1852", "CVE-2014-7144"], "modified": "2015-08-06T00:00:00", "id": "USN-2705-1", "href": "https://usn.ubuntu.com/2705-1/", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "redhat": [{"lastseen": "2018-03-19T21:56:43", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.11.1-2.el7ost", "arch": "noarch", "packageFilename": "python-keystoneclient-doc-0.11.1-2.el7ost.noarch.rpm", "packageName": "python-keystoneclient-doc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.3.2-1.el7ost", "arch": "noarch", "packageFilename": "python-keystonemiddleware-1.3.2-1.el7ost.noarch.rpm", "packageName": "python-keystonemiddleware", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.3.2-1.el7ost", "arch": "noarch", "packageFilename": "python-keystonemiddleware-doc-1.3.2-1.el7ost.noarch.rpm", "packageName": "python-keystonemiddleware-doc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.11.1-2.el7ost", "arch": "noarch", "packageFilename": "python-keystoneclient-0.11.1-2.el7ost.noarch.rpm", "packageName": "python-keystoneclient", "operator": "lt"}], "description": "Python-keystonemiddleware (formely python-keystoneclient) is a client library\nand a command line utility for interacting with the OpenStack Identity API.\n\nRed Hat Enterprise OpenStack Platform 6.0 contains and uses both the\npython-keystonemiddleware and python-keystoneclient versions of this\npackage.\n\nIt was discovered that some items in the the S3Token configuration as used\nby python-keystonemiddleware and python-keystoneclient were incorrectly\nevaluated as strings, an issue similar to CVE-2014-7144. This would result\nin a setting for 'insecure=false' to evaluate as true and leave TLS\nconnections open to MITM. (CVE-2015-1852)\n\nRed Hat would like to thank the OpenStack project for reporting this issue.\nUpstream acknowledges Brant Knudson from IBM as the original reporter.\n\nNote: \"insecure\" defaults to false, so setups that do not specifically define\n\"insecure=false\" are unaffected.\n\nAll python-keystoneclient users are advised to upgrade to these updated\npackages, which correct these issues.\n", "reporter": "RedHat", "published": "2015-08-24T04:00:00", "type": "redhat", "title": "(RHSA-2015:1677) Moderate: python-keystoneclient and python-keystonemiddlware security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-7144", "CVE-2015-1852"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-03-19T16:26:56", "id": "RHSA-2015:1677", "href": "https://access.redhat.com/errata/RHSA-2015:1677", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-06-06T23:50:38", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.9.0-6.el6ost", "arch": "noarch", "packageName": "python-keystoneclient-doc", "packageFilename": "python-keystoneclient-doc-0.9.0-6.el6ost.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.9.0-6.el6ost", "arch": "noarch", "packageName": "python-keystoneclient", "packageFilename": "python-keystoneclient-0.9.0-6.el6ost.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.9.0-6.el6ost", "arch": "src", "packageName": "python-keystoneclient", "packageFilename": "python-keystoneclient-0.9.0-6.el6ost.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.9.0-6.el7ost", "arch": "noarch", "packageName": "python-keystoneclient-doc", "packageFilename": "python-keystoneclient-doc-0.9.0-6.el7ost.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.9.0-6.el7ost", "arch": "noarch", "packageName": "python-keystoneclient", "packageFilename": "python-keystoneclient-0.9.0-6.el7ost.noarch.rpm", "operator": "lt"}], "description": "Python-keystoneclient is a client library and a command-line utility\nfor interacting with the OpenStack Identity API.\n\nIt was discovered that some items in the S3Token configuration as used by\npython-keystoneclient were incorrectly evaluated as strings, an issue\nsimilar to CVE-2014-7144. If the \"insecure\" option was set to \"false\", the\noption would be evaluated as true, resulting in TLS connections being\nvulnerable to man-in-the-middle attacks. Note: The \"insecure\" option\ndefaults to false, so setups that do not specifically define\n\"insecure=false\" are not affected. (CVE-2015-1852)\n\nRed Hat would like to thank the OpenStack project for reporting this issue.\nUpstream acknowledges Brant Knudson from IBM as the original reporter.\n\nAll python-keystoneclient users are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue.\n", "reporter": "RedHat", "published": "2015-08-25T04:00:00", "type": "redhat", "title": "(RHSA-2015:1685) Moderate: python-keystoneclient security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-7144", "CVE-2015-1852"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T02:47:57", "id": "RHSA-2015:1685", "href": "https://access.redhat.com/errata/RHSA-2015:1685", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}
