Lucene search
Ubuntu: Security Advisory (USN-1772-1)
🗓️ 22 Mar 2013 00:00:00Reported by Copyright (C) 2013 Greenbone AGType 
openvas🔗 plugins.openvas.org👁 33 Views
The 'keystone' package(s) on Ubuntu 12.10 is missing an update (USN-1772-1 advisory)
Show more
| Reporter | Title | Published | Views | Family All 27 |
|---|---|---|---|---|
 | CVE-2013-1865 | 20 Mar 201300:00 | – | ubuntucve |
 | Fedora 18 : openstack-keystone-2012.2.3-5.fc18 (2013-4590) | 9 Apr 201300:00 | – | nessus |
| Ubuntu 12.10 : keystone vulnerability (USN-1772-1) | 21 Mar 201300:00 | – | nessus |
| openSUSE Security Update : openstack-keystone (openSUSE-SU-2013:0565-1) | 13 Jun 201400:00 | – | nessus |
 | OpenStack Keystone vulnerability | 20 Mar 201300:00 | – | ubuntu |
 | CVE-2013-1865 | 22 Mar 201321:00 | – | cvelist |
 | OpenStack Keystone Improper Authentication vulnerability | 17 May 202204:56 | – | osv |
| RHSA-2013:0708 Red Hat Security Advisory: openstack-keystone security and bug fix update | 15 Sep 202420:41 | – | osv |
| Ubuntu Update for keystone USN-1772-1 | 22 Mar 201300:00 | – | openvas |
| Fedora Update for openstack-keystone FEDORA-2013-4590 | 15 Apr 201300:00 | – | openvas |
10
| Source | Link |
|---|---|
| ubuntu | www.ubuntu.com/security/notices/USN-1772-1 |
# SPDX-FileCopyrightText: 2013 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.841370");
script_cve_id("CVE-2013-1865");
script_tag(name:"creation_date", value:"2013-03-22 05:11:41 +0000 (Fri, 22 Mar 2013)");
script_version("2024-02-02T05:06:04+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:04 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_name("Ubuntu: Security Advisory (USN-1772-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2013 Greenbone AG");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU12\.10");
script_xref(name:"Advisory-ID", value:"USN-1772-1");
script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-1772-1");
script_tag(name:"summary", value:"The remote host is missing an update for the 'keystone' package(s) announced via the USN-1772-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Guang Yee discovered that Keystone would not always perform all
verification checks when configured to use PKI. If the keystone server was
configured to use PKI and services or users requested online verification,
an attacker could potentially exploit this to bypass revocation checks.
Keystone uses UUID tokens by default in Ubuntu.");
script_tag(name:"affected", value:"'keystone' package(s) on Ubuntu 12.10.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "UBUNTU12.10") {
if(!isnull(res = isdpkgvuln(pkg:"python-keystone", ver:"2012.2.1-0ubuntu1.3", rls:"UBUNTU12.10"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo22 Mar 2013 00:00Current
6.5Medium risk
Vulners AI Score6.5
CVSS26.8
EPSS0.01162