{"id": "OPENVAS:1361412562310867673", "bulletinFamily": "scanner", "title": "Fedora Update for openstack-keystone FEDORA-2014-4210", "description": "The remote host is missing an update for the ", "published": "2014-04-08T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867673", "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "references": ["2014-4210", "https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131150.html"], "cvelist": ["CVE-2014-2237", "CVE-2013-4477", "CVE-2013-6391", "CVE-2013-2157", "CVE-2013-4294"], "type": "openvas", "lastseen": "2019-03-18T14:37:25", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2014-2237", "CVE-2013-4477", "CVE-2013-6391", "CVE-2013-2157", "CVE-2013-4294"], "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "description": "Check for the Version of openstack-keystone", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "176e66dfa5d077e5f33287c9405cab6e83e3cbef030f43e57e35edec9544f297", "hashmap": [{"hash": "8f0f17ec876946644a03399ec17ba766", "key": "published"}, {"hash": "dcde2de845819691882c044e65ab43f5", "key": "references"}, {"hash": "473d00774db54a3c664000f0527ea35f", "key": "title"}, {"hash": "5a7fe1e8e2e2c1b06de9ce993e9ed8ec", "key": "cvelist"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "9c87571bb98eb2b39116b97942db349e", "key": "sourceData"}, {"hash": "aa48a6bdcab91a600eca490863982fbd", "key": "cvss"}, {"hash": "b9decf9552ade34781f910d2dca09e05", "key": "href"}, {"hash": "06df9aea2d851c3b10ab498f59f0777d", "key": "reporter"}, {"hash": "c8581bf9c797a6a1efbb570e60a9fe83", "key": "pluginID"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "089420d0a01b49b91e37eb3b94a00e6c", "key": "description"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867673", "id": "OPENVAS:1361412562310867673", "lastseen": "2018-04-09T11:14:02", "modified": "2018-04-06T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310867673", "published": "2014-04-08T00:00:00", "references": ["2014-4210", "https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131150.html"], "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openstack-keystone FEDORA-2014-4210\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867673\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-08 11:20:34 +0530 (Tue, 08 Apr 2014)\");\n script_cve_id(\"CVE-2013-6391\", \"CVE-2014-2237\", \"CVE-2013-4477\", \"CVE-2013-4294\", \"CVE-2013-2157\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Update for openstack-keystone FEDORA-2014-4210\");\n\n tag_insight = \"Keystone is a Python implementation of the OpenStack\n(http://www.openstack.org) identity service API.\n\nThis package contains the Keystone daemon.\n\";\n\n tag_affected = \"openstack-keystone on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-4210\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131150.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of openstack-keystone\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"openstack-keystone\", rpm:\"openstack-keystone~2013.1.5~2.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "Fedora Update for openstack-keystone FEDORA-2014-4210", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-04-09T11:14:02"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2014-2237", "CVE-2013-4477", "CVE-2013-6391", "CVE-2013-2157", "CVE-2013-4294"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Check for the Version of openstack-keystone", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "1e6a7b4e791da4902a543d55804a8014684ddcb8b0dec899834fd404d7b0fcb7", "hashmap": [{"hash": "8f0f17ec876946644a03399ec17ba766", "key": "published"}, {"hash": "dcde2de845819691882c044e65ab43f5", "key": "references"}, {"hash": "473d00774db54a3c664000f0527ea35f", "key": "title"}, {"hash": "5a7fe1e8e2e2c1b06de9ce993e9ed8ec", "key": "cvelist"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "9c87571bb98eb2b39116b97942db349e", "key": "sourceData"}, {"hash": "b9decf9552ade34781f910d2dca09e05", "key": "href"}, {"hash": "06df9aea2d851c3b10ab498f59f0777d", "key": "reporter"}, {"hash": "c8581bf9c797a6a1efbb570e60a9fe83", "key": "pluginID"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "089420d0a01b49b91e37eb3b94a00e6c", "key": "description"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867673", "id": "OPENVAS:1361412562310867673", "lastseen": "2018-08-30T19:23:38", "modified": "2018-04-06T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310867673", "published": "2014-04-08T00:00:00", "references": ["2014-4210", "https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131150.html"], "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openstack-keystone FEDORA-2014-4210\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867673\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-08 11:20:34 +0530 (Tue, 08 Apr 2014)\");\n script_cve_id(\"CVE-2013-6391\", \"CVE-2014-2237\", \"CVE-2013-4477\", \"CVE-2013-4294\", \"CVE-2013-2157\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Update for openstack-keystone FEDORA-2014-4210\");\n\n tag_insight = \"Keystone is a Python implementation of the OpenStack\n(http://www.openstack.org) identity service API.\n\nThis package contains the Keystone daemon.\n\";\n\n tag_affected = \"openstack-keystone on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-4210\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131150.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of openstack-keystone\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"openstack-keystone\", rpm:\"openstack-keystone~2013.1.5~2.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "Fedora Update for openstack-keystone FEDORA-2014-4210", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:23:38"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2014-2237", "CVE-2013-4477", "CVE-2013-6391", "CVE-2013-2157", "CVE-2013-4294"], "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "description": "Check for the Version of openstack-keystone", "edition": 4, "enchantments": {"dependencies": {"modified": "2018-09-01T23:54:01", "references": [{"idList": ["OPENVAS:1361412562310867703", "OPENVAS:1361412562310867346", "OPENVAS:841662", "OPENVAS:867346", "OPENVAS:867673", "OPENVAS:867038", "OPENVAS:1361412562310841662", "OPENVAS:1361412562310867038", "OPENVAS:1361412562310868073", "OPENVAS:867703"], "type": "openvas"}, {"idList": ["FEDORA_2013-20373.NASL", "FEDORA_2014-4903.NASL", "OPENSUSE-2013-540.NASL", "UBUNTU_USN-2002-1.NASL", "UBUNTU_USN-2061-1.NASL", "UBUNTU_USN-2034-1.NASL", "FEDORA_2013-10713.NASL", "UBUNTU_USN-1875-1.NASL", "FEDORA_2013-23589.NASL", "FEDORA_2014-4210.NASL"], "type": "nessus"}, {"idList": ["CVE-2014-2237", "CVE-2013-4477", "CVE-2013-6391", "CVE-2013-2157", "CVE-2013-4294"], "type": "cve"}, {"idList": ["SECURITYVULNS:DOC:30125", "SECURITYVULNS:DOC:30027", "SECURITYVULNS:DOC:29466", "SECURITYVULNS:VULN:13128", "SECURITYVULNS:VULN:13374", "SECURITYVULNS:DOC:29964"], "type": "securityvulns"}, {"idList": ["USN-2002-1", "USN-1875-1", "USN-2061-1", "USN-2034-1"], "type": "ubuntu"}, {"idList": ["SSV:61698", "SSV:61131"], "type": "seebug"}, {"idList": ["RHSA-2013:0994", "RHSA-2014:0368", "RHSA-2014:0113", "RHSA-2014:0580", "RHSA-2013:1285", "RHSA-2014:0089", "RHSA-2013:1083"], "type": "redhat"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "176e66dfa5d077e5f33287c9405cab6e83e3cbef030f43e57e35edec9544f297", "hashmap": [{"hash": "8f0f17ec876946644a03399ec17ba766", "key": "published"}, {"hash": "dcde2de845819691882c044e65ab43f5", "key": "references"}, {"hash": "473d00774db54a3c664000f0527ea35f", "key": "title"}, {"hash": "5a7fe1e8e2e2c1b06de9ce993e9ed8ec", "key": "cvelist"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "9c87571bb98eb2b39116b97942db349e", "key": "sourceData"}, {"hash": "aa48a6bdcab91a600eca490863982fbd", "key": "cvss"}, {"hash": "b9decf9552ade34781f910d2dca09e05", "key": "href"}, {"hash": "06df9aea2d851c3b10ab498f59f0777d", "key": "reporter"}, {"hash": "c8581bf9c797a6a1efbb570e60a9fe83", "key": "pluginID"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "089420d0a01b49b91e37eb3b94a00e6c", "key": "description"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867673", "id": "OPENVAS:1361412562310867673", "lastseen": "2018-09-01T23:54:01", "modified": "2018-04-06T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310867673", "published": "2014-04-08T00:00:00", "references": ["2014-4210", "https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131150.html"], "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openstack-keystone FEDORA-2014-4210\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867673\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-08 11:20:34 +0530 (Tue, 08 Apr 2014)\");\n script_cve_id(\"CVE-2013-6391\", \"CVE-2014-2237\", \"CVE-2013-4477\", \"CVE-2013-4294\", \"CVE-2013-2157\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Update for openstack-keystone FEDORA-2014-4210\");\n\n tag_insight = \"Keystone is a Python implementation of the OpenStack\n(http://www.openstack.org) identity service API.\n\nThis package contains the Keystone daemon.\n\";\n\n tag_affected = \"openstack-keystone on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-4210\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131150.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of openstack-keystone\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"openstack-keystone\", rpm:\"openstack-keystone~2013.1.5~2.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "Fedora Update for openstack-keystone FEDORA-2014-4210", "type": "openvas", "viewCount": 1}, "differentElements": ["description", "modified", "sourceData"], "edition": 4, "lastseen": "2018-09-01T23:54:01"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2014-2237", "CVE-2013-4477", "CVE-2013-6391", "CVE-2013-2157", "CVE-2013-4294"], "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "description": "Check for the Version of openstack-keystone", "edition": 1, "enchantments": {"score": {"modified": "2018-04-06T11:13:14", "value": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N/"}}, "hash": "95e48e8dd38a18dadc53977ae1d357ebb8b49da46f2df7b758476ca463fbd4ab", "hashmap": [{"hash": "8f0f17ec876946644a03399ec17ba766", "key": "published"}, {"hash": "dcde2de845819691882c044e65ab43f5", "key": "references"}, {"hash": "0dff46735ff98f1b0cfc397417d2f42f", "key": "sourceData"}, {"hash": "473d00774db54a3c664000f0527ea35f", "key": "title"}, {"hash": "5a7fe1e8e2e2c1b06de9ce993e9ed8ec", "key": "cvelist"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "aa48a6bdcab91a600eca490863982fbd", "key": "cvss"}, {"hash": "b9decf9552ade34781f910d2dca09e05", "key": "href"}, {"hash": "06df9aea2d851c3b10ab498f59f0777d", "key": "reporter"}, {"hash": "c8581bf9c797a6a1efbb570e60a9fe83", "key": "pluginID"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "089420d0a01b49b91e37eb3b94a00e6c", "key": "description"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867673", "id": "OPENVAS:1361412562310867673", "lastseen": "2018-04-06T11:13:14", "modified": "2018-04-06T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310867673", "published": "2014-04-08T00:00:00", "references": ["2014-4210", "https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131150.html"], "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openstack-keystone FEDORA-2014-4210\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867673\");\n script_version(\"$Revision: 9354 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:15:32 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-08 11:20:34 +0530 (Tue, 08 Apr 2014)\");\n script_cve_id(\"CVE-2013-6391\", \"CVE-2014-2237\", \"CVE-2013-4477\", \"CVE-2013-4294\", \"CVE-2013-2157\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Update for openstack-keystone FEDORA-2014-4210\");\n\n tag_insight = \"Keystone is a Python implementation of the OpenStack\n(http://www.openstack.org) identity service API.\n\nThis package contains the Keystone daemon.\n\";\n\n tag_affected = \"openstack-keystone on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-4210\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131150.html\");\n script_summary(\"Check for the Version of openstack-keystone\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"openstack-keystone\", rpm:\"openstack-keystone~2013.1.5~2.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "Fedora Update for openstack-keystone FEDORA-2014-4210", "type": "openvas", "viewCount": 0}, "differentElements": ["sourceData"], "edition": 1, "lastseen": "2018-04-06T11:13:14"}], "edition": 5, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "5a7fe1e8e2e2c1b06de9ce993e9ed8ec"}, {"key": "cvss", "hash": "aa48a6bdcab91a600eca490863982fbd"}, {"key": "description", "hash": "1693b96dcccf4fbcd463bf8baaa2bf3f"}, {"key": "href", "hash": "b9decf9552ade34781f910d2dca09e05"}, {"key": "modified", "hash": "4525bc09d1c4c408a417a5eb7b850972"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "c8581bf9c797a6a1efbb570e60a9fe83"}, {"key": "published", "hash": "8f0f17ec876946644a03399ec17ba766"}, {"key": "references", "hash": "dcde2de845819691882c044e65ab43f5"}, {"key": "reporter", "hash": "06df9aea2d851c3b10ab498f59f0777d"}, {"key": "sourceData", "hash": "7e74a857c0bddc90536a61a08f3a5d71"}, {"key": "title", "hash": "473d00774db54a3c664000f0527ea35f"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "f22158d45d5504e22adea8bf1760f0e7cc2f6dcb2880118f6ec5d2ccd5cc6c38", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:867673", "OPENVAS:1361412562310867038", "OPENVAS:867703", "OPENVAS:1361412562310867703", "OPENVAS:867038", "OPENVAS:867346", "OPENVAS:1361412562310867346", "OPENVAS:1361412562310868073", "OPENVAS:1361412562310841662", "OPENVAS:841662"]}, {"type": "cve", "idList": ["CVE-2013-6391", "CVE-2013-2157", "CVE-2013-4294", "CVE-2013-4477", "CVE-2014-2237"]}, {"type": "redhat", "idList": ["RHSA-2014:0368", "RHSA-2014:0089", "RHSA-2013:1285", "RHSA-2013:0994", "RHSA-2013:1083", "RHSA-2014:0113", "RHSA-2014:0580"]}, {"type": "nessus", "idList": ["FEDORA_2014-4210.NASL", "UBUNTU_USN-2061-1.NASL", "FEDORA_2013-23589.NASL", "UBUNTU_USN-2034-1.NASL", "FEDORA_2013-20373.NASL", "UBUNTU_USN-2002-1.NASL", "FEDORA_2014-4903.NASL", "OPENSUSE-2013-540.NASL", "FEDORA_2013-10467.NASL", "FEDORA_2013-10713.NASL"]}, {"type": "seebug", "idList": ["SSV:61131", "SSV:61698"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30125", "SECURITYVULNS:DOC:30027", "SECURITYVULNS:DOC:29964", "SECURITYVULNS:DOC:29466", "SECURITYVULNS:VULN:13374", "SECURITYVULNS:VULN:13128"]}, {"type": "ubuntu", "idList": ["USN-2061-1", "USN-2034-1", "USN-2002-1", "USN-1875-1"]}], "modified": "2019-03-18T14:37:25"}, "score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openstack-keystone FEDORA-2014-4210\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867673\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-08 11:20:34 +0530 (Tue, 08 Apr 2014)\");\n script_cve_id(\"CVE-2013-6391\", \"CVE-2014-2237\", \"CVE-2013-4477\", \"CVE-2013-4294\", \"CVE-2013-2157\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Update for openstack-keystone FEDORA-2014-4210\");\n script_tag(name:\"affected\", value:\"openstack-keystone on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-4210\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131150.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openstack-keystone'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"openstack-keystone\", rpm:\"openstack-keystone~2013.1.5~2.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "1361412562310867673", "scheme": null}

{"openvas": [{"lastseen": "2017-07-25T10:49:02", "bulletinFamily": "scanner", "description": "Check for the Version of openstack-keystone", "modified": "2017-07-10T00:00:00", "published": "2014-04-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=867673", "id": "OPENVAS:867673", "title": "Fedora Update for openstack-keystone FEDORA-2014-4210", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openstack-keystone FEDORA-2014-4210\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867673);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-08 11:20:34 +0530 (Tue, 08 Apr 2014)\");\n script_cve_id(\"CVE-2013-6391\", \"CVE-2014-2237\", \"CVE-2013-4477\", \"CVE-2013-4294\", \"CVE-2013-2157\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Update for openstack-keystone FEDORA-2014-4210\");\n\n tag_insight = \"Keystone is a Python implementation of the OpenStack\n(http://www.openstack.org) identity service API.\n\nThis package contains the Keystone daemon.\n\";\n\n tag_affected = \"openstack-keystone on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-4210\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131150.html\");\n script_summary(\"Check for the Version of openstack-keystone\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"openstack-keystone\", rpm:\"openstack-keystone~2013.1.5~2.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-24T11:09:18", "bulletinFamily": "scanner", "description": "Check for the Version of openstack-keystone", "modified": "2018-01-24T00:00:00", "published": "2013-11-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=867038", "id": "OPENVAS:867038", "title": "Fedora Update for openstack-keystone FEDORA-2013-20373", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openstack-keystone FEDORA-2013-20373\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867038);\n script_version(\"$Revision: 8509 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 07:57:46 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-08 10:25:11 +0530 (Fri, 08 Nov 2013)\");\n script_cve_id(\"CVE-2013-4477\", \"CVE-2013-4294\", \"CVE-2013-2157\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"Fedora Update for openstack-keystone FEDORA-2013-20373\");\n\n tag_insight = \"Keystone is a Python implementation of the OpenStack\n(http://www.openstack.org) identity service API.\n\nThis package contains the Keystone daemon.\n\";\n\n tag_affected = \"openstack-keystone on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-20373\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-November/120205.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of openstack-keystone\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"openstack-keystone\", rpm:\"openstack-keystone~2013.1.4~2.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-03-18T14:39:29", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-11-08T00:00:00", "id": "OPENVAS:1361412562310867038", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867038", "title": "Fedora Update for openstack-keystone FEDORA-2013-20373", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openstack-keystone FEDORA-2013-20373\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867038\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-08 10:25:11 +0530 (Fri, 08 Nov 2013)\");\n script_cve_id(\"CVE-2013-4477\", \"CVE-2013-4294\", \"CVE-2013-2157\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"Fedora Update for openstack-keystone FEDORA-2013-20373\");\n\n\n script_tag(name:\"affected\", value:\"openstack-keystone on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-20373\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-November/120205.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openstack-keystone'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"openstack-keystone\", rpm:\"openstack-keystone~2013.1.4~2.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:48:23", "bulletinFamily": "scanner", "description": "Check for the Version of openstack-keystone", "modified": "2017-07-10T00:00:00", "published": "2014-04-21T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=867703", "id": "OPENVAS:867703", "title": "Fedora Update for openstack-keystone FEDORA-2014-4903", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openstack-keystone FEDORA-2014-4903\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867703);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-21 11:59:53 +0530 (Mon, 21 Apr 2014)\");\n script_cve_id(\"CVE-2014-2237\", \"CVE-2013-6391\", \"CVE-2013-4477\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Update for openstack-keystone FEDORA-2014-4903\");\n\n tag_insight = \"Keystone is a Python implementation of the OpenStack\n(http://www.openstack.org) identity service API.\n\nThis package contains the Keystone daemon.\n\";\n\n tag_affected = \"openstack-keystone on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-4903\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131822.html\");\n script_summary(\"Check for the Version of openstack-keystone\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"openstack-keystone\", rpm:\"openstack-keystone~2013.2.3~2.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-03-18T14:37:35", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-04-21T00:00:00", "id": "OPENVAS:1361412562310867703", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867703", "title": "Fedora Update for openstack-keystone FEDORA-2014-4903", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openstack-keystone FEDORA-2014-4903\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867703\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-21 11:59:53 +0530 (Mon, 21 Apr 2014)\");\n script_cve_id(\"CVE-2014-2237\", \"CVE-2013-6391\", \"CVE-2013-4477\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Update for openstack-keystone FEDORA-2014-4903\");\n script_tag(name:\"affected\", value:\"openstack-keystone on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-4903\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131822.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openstack-keystone'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"openstack-keystone\", rpm:\"openstack-keystone~2013.2.3~2.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:48:20", "bulletinFamily": "scanner", "description": "Check for the Version of openstack-keystone", "modified": "2017-07-10T00:00:00", "published": "2014-02-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=867346", "id": "OPENVAS:867346", "title": "Fedora Update for openstack-keystone FEDORA-2013-23589", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openstack-keystone FEDORA-2013-23589\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867346);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-03 19:56:22 +0530 (Mon, 03 Feb 2014)\");\n script_cve_id(\"CVE-2013-6391\", \"CVE-2013-4477\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Update for openstack-keystone FEDORA-2013-23589\");\n\n tag_insight = \"Keystone is a Python implementation of the OpenStack\n(http://www.openstack.org) identity service API.\n\nThis package contains the Keystone daemon.\n\";\n\n tag_affected = \"openstack-keystone on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-23589\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/125277.html\");\n script_summary(\"Check for the Version of openstack-keystone\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"openstack-keystone\", rpm:\"openstack-keystone~2013.2.1~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-03-18T14:38:19", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-02-03T00:00:00", "id": "OPENVAS:1361412562310867346", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867346", "title": "Fedora Update for openstack-keystone FEDORA-2013-23589", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openstack-keystone FEDORA-2013-23589\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867346\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-03 19:56:22 +0530 (Mon, 03 Feb 2014)\");\n script_cve_id(\"CVE-2013-6391\", \"CVE-2013-4477\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Update for openstack-keystone FEDORA-2013-23589\");\n script_tag(name:\"affected\", value:\"openstack-keystone on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-23589\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/125277.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openstack-keystone'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"openstack-keystone\", rpm:\"openstack-keystone~2013.2.1~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-03-18T14:38:11", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-08-08T00:00:00", "id": "OPENVAS:1361412562310868073", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868073", "title": "Fedora Update for openstack-keystone FEDORA-2014-5497", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openstack-keystone FEDORA-2014-5497\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868073\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-08 06:01:34 +0200 (Fri, 08 Aug 2014)\");\n script_cve_id(\"CVE-2014-2828\", \"CVE-2014-3476\", \"CVE-2014-3520\", \"CVE-2014-2237\",\n \"CVE-2013-6391\", \"CVE-2013-4477\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"Fedora Update for openstack-keystone FEDORA-2014-5497\");\n script_tag(name:\"affected\", value:\"openstack-keystone on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-5497\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136283.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openstack-keystone'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"openstack-keystone\", rpm:\"openstack-keystone~2013.2.3~5.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-03-14T14:31:10", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-12-23T00:00:00", "id": "OPENVAS:1361412562310841662", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841662", "title": "Ubuntu Update for keystone USN-2061-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2061_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for keystone USN-2061-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841662\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-23 13:24:24 +0530 (Mon, 23 Dec 2013)\");\n script_cve_id(\"CVE-2013-6391\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_name(\"Ubuntu Update for keystone USN-2061-1\");\n\n script_tag(name:\"affected\", value:\"keystone on Ubuntu 13.10\");\n script_tag(name:\"insight\", value:\"Steven Hardy discovered that Keystone did not properly\nenforce trusts when using the ec2tokens API. An authenticated attacker\ncould exploit this to retrieve a token not scoped to the trust and elevate\nprivileges to the trustor's roles.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2061-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2061-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'keystone'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU13\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-keystone\", ver:\"1:2013.2-0ubuntu1.2\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-02-05T11:10:33", "bulletinFamily": "scanner", "description": "Check for the Version of keystone", "modified": "2018-02-03T00:00:00", "published": "2013-12-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841662", "id": "OPENVAS:841662", "title": "Ubuntu Update for keystone USN-2061-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2061_1.nasl 8650 2018-02-03 12:16:59Z teissa $\n#\n# Ubuntu Update for keystone USN-2061-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841662);\n script_version(\"$Revision: 8650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-03 13:16:59 +0100 (Sat, 03 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-23 13:24:24 +0530 (Mon, 23 Dec 2013)\");\n script_cve_id(\"CVE-2013-6391\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_name(\"Ubuntu Update for keystone USN-2061-1\");\n\n tag_insight = \"Steven Hardy discovered that Keystone did not properly\nenforce trusts when using the ec2tokens API. An authenticated attacker\ncould exploit this to retrieve a token not scoped to the trust and elevate\nprivileges to the trustor's roles.\";\n\n tag_affected = \"keystone on Ubuntu 13.10\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2061-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2061-1/\");\n script_tag(name: \"summary\" , value: \"Check for the Version of keystone\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-keystone\", ver:\"1:2013.2-0ubuntu1.2\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "cve": [{"lastseen": "2017-08-29T10:47:59", "bulletinFamily": "NVD", "description": "The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request.", "modified": "2017-08-28T21:33:58", "published": "2013-12-14T12:21:46", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6391", "id": "CVE-2013-6391", "title": "CVE-2013-6391", "type": "cve", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-03T18:19:19", "bulletinFamily": "NVD", "description": "OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.", "modified": "2013-08-21T11:12:05", "published": "2013-08-20T18:55:04", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2157", "id": "CVE-2013-2157", "title": "CVE-2013-2157", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-03T18:46:02", "bulletinFamily": "NVD", "description": "The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.", "modified": "2013-10-30T23:34:54", "published": "2013-09-23T16:55:07", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4294", "id": "CVE-2013-4294", "title": "CVE-2013-4294", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-03T18:48:17", "bulletinFamily": "NVD", "description": "The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.", "modified": "2014-03-05T23:47:40", "published": "2013-11-02T15:55:04", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4477", "id": "CVE-2013-4477", "title": "CVE-2013-4477", "type": "cve", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-03T20:12:14", "bulletinFamily": "NVD", "description": "The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions.", "modified": "2015-04-22T21:59:24", "published": "2014-04-01T02:35:53", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2237", "id": "CVE-2014-2237", "title": "CVE-2014-2237", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2019-02-21T01:21:01", "bulletinFamily": "scanner", "description": "updated to stable grizzly 2013.1.5 release\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-05T00:00:00", "id": "FEDORA_2014-4210.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73353", "published": "2014-04-07T00:00:00", "title": "Fedora 19 : openstack-keystone-2013.1.5-2.fc19 (2014-4210)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-4210.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73353);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/12/05 20:31:22\");\n\n script_cve_id(\"CVE-2013-6391\", \"CVE-2014-2237\");\n script_bugtraq_id(64253, 65895);\n script_xref(name:\"FEDORA\", value:\"2014-4210\");\n\n script_name(english:\"Fedora 19 : openstack-keystone-2013.1.5-2.fc19 (2014-4210)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"updated to stable grizzly 2013.1.5 release\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1039164\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1071434\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131150.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68c9a028\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openstack-keystone package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openstack-keystone\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"openstack-keystone-2013.1.5-2.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openstack-keystone\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:20:32", "bulletinFamily": "scanner", "description": "Steven Hardy discovered that Keystone did not properly enforce trusts when using the ec2tokens API. An authenticated attacker could exploit this to retrieve a token not scoped to the trust and elevate privileges to the trustor's roles.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-2061-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71564", "published": "2013-12-20T00:00:00", "title": "Ubuntu 13.10 : keystone vulnerability (USN-2061-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2061-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71564);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/12/01 13:19:08\");\n\n script_cve_id(\"CVE-2013-6391\");\n script_bugtraq_id(64253);\n script_xref(name:\"USN\", value:\"2061-1\");\n\n script_name(english:\"Ubuntu 13.10 : keystone vulnerability (USN-2061-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Steven Hardy discovered that Keystone did not properly enforce trusts\nwhen using the ec2tokens API. An authenticated attacker could exploit\nthis to retrieve a token not scoped to the trust and elevate\nprivileges to the trustor's roles.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2061-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-keystone package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-keystone\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(13\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 13.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"13.10\", pkgname:\"python-keystone\", pkgver:\"1:2013.2-0ubuntu1.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-keystone\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:20:20", "bulletinFamily": "scanner", "description": "update to 2013.1.4 stable/grizzly release\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-19T00:00:00", "id": "FEDORA_2013-20373.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70789", "published": "2013-11-08T00:00:00", "title": "Fedora 19 : openstack-keystone-2013.1.4-2.fc19 (2013-20373)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-20373.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70789);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:37:39 $\");\n\n script_cve_id(\"CVE-2013-4477\");\n script_bugtraq_id(63395);\n script_xref(name:\"FEDORA\", value:\"2013-20373\");\n\n script_name(english:\"Fedora 19 : openstack-keystone-2013.1.4-2.fc19 (2013-20373)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"update to 2013.1.4 stable/grizzly release\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1024401\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-November/120205.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?110887f9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openstack-keystone package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openstack-keystone\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"openstack-keystone-2013.1.4-2.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openstack-keystone\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:20:26", "bulletinFamily": "scanner", "description": "Brant Knudson discovered a logic error in the LDAP backend in Keystone where removing a role on a tenant for a user who does not have that role would instead add the role to the user. An authenticated user could use this to gain privileges. Ubuntu is not configured to use the LDAP Keystone backend by default.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-2034-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71094", "published": "2013-11-26T00:00:00", "title": "Ubuntu 12.10 / 13.04 / 13.10 : keystone vulnerability (USN-2034-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2034-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71094);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/12/01 13:19:08\");\n\n script_cve_id(\"CVE-2013-4477\");\n script_bugtraq_id(63395);\n script_xref(name:\"USN\", value:\"2034-1\");\n\n script_name(english:\"Ubuntu 12.10 / 13.04 / 13.10 : keystone vulnerability (USN-2034-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Brant Knudson discovered a logic error in the LDAP backend in Keystone\nwhere removing a role on a tenant for a user who does not have that\nrole would instead add the role to the user. An authenticated user\ncould use this to gain privileges. Ubuntu is not configured to use the\nLDAP Keystone backend by default.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2034-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-keystone package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-keystone\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.10|13\\.04|13\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.10 / 13.04 / 13.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.10\", pkgname:\"python-keystone\", pkgver:\"2012.2.4-0ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"13.04\", pkgname:\"python-keystone\", pkgver:\"1:2013.1.4-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"python-keystone\", pkgver:\"1:2013.2-0ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-keystone\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:20:34", "bulletinFamily": "scanner", "description": "- Update to Havana stable release 2013.2.1\n\n - Havana GA\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-19T00:00:00", "id": "FEDORA_2013-23589.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71765", "published": "2013-12-30T00:00:00", "title": "Fedora 20 : openstack-keystone-2013.2.1-1.fc20 (2013-23589)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-23589.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71765);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:47:14 $\");\n\n script_cve_id(\"CVE-2013-4477\");\n script_bugtraq_id(63395);\n script_xref(name:\"FEDORA\", value:\"2013-23589\");\n\n script_name(english:\"Fedora 20 : openstack-keystone-2013.2.1-1.fc20 (2013-23589)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Update to Havana stable release 2013.2.1\n\n - Havana GA\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1024401\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/125277.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?700d3e3f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openstack-keystone package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openstack-keystone\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"openstack-keystone-2013.2.1-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openstack-keystone\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:21:32", "bulletinFamily": "scanner", "description": "This update of openstack-keystone fixes two security vulnerabilities.\n\n - Add CVE-2013-2104.patch: fix missing expiration check in Keystone PKI token validation (CVE-2013-2104, bnc#821201)\n\n - Add CVE-2013-2157.patch: fix authentication bypass when using LDAP backend (CVE-2013-2157, bnc#823783)", "modified": "2018-11-10T00:00:00", "id": "OPENSUSE-2013-540.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75063", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : openstack-keystone (openSUSE-SU-2013:1089-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-540.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75063);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:50:01\");\n\n script_cve_id(\"CVE-2013-2104\", \"CVE-2013-2157\");\n\n script_name(english:\"openSUSE Security Update : openstack-keystone (openSUSE-SU-2013:1089-1)\");\n script_summary(english:\"Check for the openSUSE-2013-540 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of openstack-keystone fixes two security vulnerabilities.\n\n - Add CVE-2013-2104.patch: fix missing expiration check in\n Keystone PKI token validation (CVE-2013-2104,\n bnc#821201)\n\n - Add CVE-2013-2157.patch: fix authentication bypass when\n using LDAP backend (CVE-2013-2157, bnc#823783)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=821201\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=823783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-06/msg00198.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openstack-keystone packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openstack-keystone\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openstack-keystone-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-keystone\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"openstack-keystone-2012.2.4+git.1363796849.255b1d4-3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"openstack-keystone-test-2012.2.4+git.1363796849.255b1d4-3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-keystone-2012.2.4+git.1363796849.255b1d4-3.16.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openstack-keystone / openstack-keystone-test / python-keystone\");\n}\n", "cvss": {"score": 5.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:13", "bulletinFamily": "scanner", "description": "Chmouel Boudjnah discovered that Keystone did not properly invalidate user tokens when a tenant was disabled which allowed an authenticated user to retain access via the token. (CVE-2013-4222)\n\nKieran Spear discovered that Keystone did not properly verify PKI tokens when performing revocation when using the memcache and KVS backends. An authenticated attacker could exploit this to bypass intended access restrictions. (CVE-2013-4294).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2019-01-02T00:00:00", "id": "UBUNTU_USN-2002-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70581", "published": "2013-10-24T00:00:00", "title": "Ubuntu 12.10 / 13.04 : keystone vulnerabilities (USN-2002-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2002-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70581);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/01/02 16:37:56\");\n\n script_cve_id(\"CVE-2013-4222\", \"CVE-2013-4294\");\n script_bugtraq_id(61725, 62331);\n script_xref(name:\"USN\", value:\"2002-1\");\n\n script_name(english:\"Ubuntu 12.10 / 13.04 : keystone vulnerabilities (USN-2002-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chmouel Boudjnah discovered that Keystone did not properly invalidate\nuser tokens when a tenant was disabled which allowed an authenticated\nuser to retain access via the token. (CVE-2013-4222)\n\nKieran Spear discovered that Keystone did not properly verify PKI\ntokens when performing revocation when using the memcache and KVS\nbackends. An authenticated attacker could exploit this to bypass\nintended access restrictions. (CVE-2013-4294).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2002-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-keystone package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-keystone\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.10|13\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.10 / 13.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.10\", pkgname:\"python-keystone\", pkgver:\"2012.2.4-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"13.04\", pkgname:\"python-keystone\", pkgver:\"1:2013.1.3-0ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-keystone\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:21:05", "bulletinFamily": "scanner", "description": "updated to stable havana 2013.2.3 release\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-05T00:00:00", "id": "FEDORA_2014-4903.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73601", "published": "2014-04-18T00:00:00", "title": "Fedora 20 : openstack-keystone-2013.2.3-2.fc20 (2014-4903)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-4903.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73601);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/12/05 20:31:22\");\n\n script_cve_id(\"CVE-2014-2237\");\n script_bugtraq_id(65895);\n script_xref(name:\"FEDORA\", value:\"2014-4903\");\n\n script_name(english:\"Fedora 20 : openstack-keystone-2013.2.3-2.fc20 (2014-4903)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"updated to stable havana 2013.2.3 release\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1071434\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131822.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?94994376\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openstack-keystone package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openstack-keystone\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"openstack-keystone-2013.2.3-2.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openstack-keystone\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:19:47", "bulletinFamily": "scanner", "description": "Stable Grizzly update 2013.1.2 Force simple Bind for authentication CVE-2013-2157 restrict /var/log/keystone/ rhbz#956814\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-19T00:00:00", "id": "FEDORA_2013-10467.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68985", "published": "2013-07-22T00:00:00", "title": "Fedora 19 : openstack-keystone-2013.1.2-3.fc19 (2013-10467)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-10467.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68985);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:02:56 $\");\n\n script_cve_id(\"CVE-2013-2014\", \"CVE-2013-2157\");\n script_bugtraq_id(59936, 60545);\n script_xref(name:\"FEDORA\", value:\"2013-10467\");\n\n script_name(english:\"Fedora 19 : openstack-keystone-2013.1.2-3.fc19 (2013-10467)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Stable Grizzly update 2013.1.2 Force simple Bind for authentication\nCVE-2013-2157 restrict /var/log/keystone/ rhbz#956814\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=956474\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=957028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=971884\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/111914.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c72f00ae\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openstack-keystone package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openstack-keystone\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"openstack-keystone-2013.1.2-3.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openstack-keystone\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:19:52", "bulletinFamily": "scanner", "description": "authtoken: Check token expiry CVE-2013-2104 Force simple Bind for authentication CVE-2013-2157\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "FEDORA_2013-10713.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69288", "published": "2013-08-10T00:00:00", "title": "Fedora 18 : openstack-keystone-2012.2.4-5.fc18 (2013-10713)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-10713.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69288);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/28 22:47:44\");\n\n script_cve_id(\"CVE-2013-2104\", \"CVE-2013-2157\");\n script_bugtraq_id(60193, 60545);\n script_xref(name:\"FEDORA\", value:\"2013-10713\");\n\n script_name(english:\"Fedora 18 : openstack-keystone-2012.2.4-5.fc18 (2013-10713)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"authtoken: Check token expiry CVE-2013-2104 Force simple Bind for\nauthentication CVE-2013-2157\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=965852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=971884\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-August/113551.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?95ed5583\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openstack-keystone package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openstack-keystone\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"openstack-keystone-2012.2.4-5.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openstack-keystone\");\n}\n", "cvss": {"score": 5.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T19:42:53", "bulletinFamily": "unix", "description": "The OpenStack Identity service (keystone) authenticates and authorizes\nOpenStack users by keeping track of users and their permitted activities.\nThe Identity service supports multiple forms of authentication including\nuser name and password credentials, token-based systems, and\nAWS-style logins.\n\nIt was found that the ec2token API in keystone, which is used to generate\nEC2-style (Amazon Elastic Compute Cloud) credentials, could generate a\ntoken not scoped to a particular trust when creating a token from a\nreceived trust-scoped token. A remote attacker could use this flaw to\nretrieve a token that elevated their privileges to all of the trustor's\nroles. Note that only OpenStack Identity setups that have EC2-style\nauthentication enabled were affected. (CVE-2013-6391)\n\nIt was found that the the memcache token back end of OpenStack Identity did\nnot correctly invalidate a revoked trust token, allowing users with revoked\ntokens to retain access to services they should no longer be able to\naccess. Note that only OpenStack Identity setups using the memcache back\nend for tokens were affected. (CVE-2014-2237)\n\nRed Hat would like to thank Jeremy Stanley of the OpenStack Project for\nreporting CVE-2013-6391. Upstream acknowledges Steven Hardy of Red Hat as\nthe original reporter of CVE-2013-6391.\n\nAll openstack-keystone users are advised to upgrade to these updated\npackages, which correct these issues.\n", "modified": "2018-06-09T14:17:34", "published": "2014-04-03T04:00:00", "id": "RHSA-2014:0368", "href": "https://access.redhat.com/errata/RHSA-2014:0368", "type": "redhat", "title": "(RHSA-2014:0368) Moderate: openstack-keystone security update", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-12-11T19:41:16", "bulletinFamily": "unix", "description": "The openstack-keystone packages provide keystone, a Python implementation\nof the OpenStack Identity service API, which provides Identity, Token,\nCatalog, and Policy services.\n\nIt was found that the ec2token API in keystone, which is used to generate\nEC2-style (Amazon Elastic Compute Cloud) credentials, could generate a\ntoken not scoped to a particular trust when creating a token from a\nreceived trust-scoped token. A remote attacker could use this flaw to\nretrieve a token that elevated their privileges to all of the trustor's\nroles. Note that only OpenStack Identity setups that have EC2-style\nauthentication enabled were affected. (CVE-2013-6391)\n\nRed Hat would like to thank Jeremy Stanley of the OpenStack Project for\nreporting this issue. Upstream acknowledges Steven Hardy of Red Hat as the\noriginal reporter.\n\nThese updated packages have been upgraded to upstream version 2013.2.1,\nwhich provides a number of bug fixes over the previous version.\n(BZ#1045408)\n\nAll openstack-keystone users are advised to upgrade to these updated\npackages, which correct these issues.\n", "modified": "2018-06-07T02:47:45", "published": "2014-01-22T05:00:00", "id": "RHSA-2014:0089", "href": "https://access.redhat.com/errata/RHSA-2014:0089", "type": "redhat", "title": "(RHSA-2014:0089) Moderate: openstack-keystone security and bug fix update ", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-12-11T19:42:33", "bulletinFamily": "unix", "description": "The openstack-keystone packages provide Keystone, a Python implementation\nof the OpenStack identity service API, which provides Identity, Token,\nCatalog, and Policy services.\n\nIt was found that Keystone did not correctly handle revoked PKI tokens,\nallowing users with revoked tokens to retain access to resources they\nshould no longer be able to access. This issue only affected systems using\nPKI tokens with the memcache or KVS token back ends. (CVE-2013-4294)\n\nRed Hat would like to thank Thierry Carrez of OpenStack upstream for\nreporting this issue. Upstream acknowledges Kieran Spear of University of\nMelbourne as the original reporter.\n\nAll users of openstack-keystone are advised to upgrade to these updated\npackages, which correct these issues. After installing the updated\npackages, the Keystone service (openstack-keystone) will be restarted\nautomatically.\n", "modified": "2018-06-09T14:17:33", "published": "2013-09-25T04:00:00", "id": "RHSA-2013:1285", "href": "https://access.redhat.com/errata/RHSA-2013:1285", "type": "redhat", "title": "(RHSA-2013:1285) Moderate: openstack-keystone security update", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-12-11T19:41:32", "bulletinFamily": "unix", "description": "The openstack-keystone packages provide Keystone, a Python implementation\nof the OpenStack identity service API, which provides Identity, Token,\nCatalog, and Policy services.\n\nA flaw was found in the way Keystone handled LDAP (Lightweight Directory\nAccess Protocol) based authentication. If Keystone was configured to use\nLDAP authentication, and the LDAP server was configured to allow anonymous\nbinds (anonymous binds is a common default), anyone able to connect to a\ngiven service using Keystone could connect as any user, including the\nadmin, without supplying a password. (CVE-2013-2157)\n\nRed Hat would like to thank Thierry Carrez of OpenStack upstream for\nreporting this issue. Upstream acknowledges Jose Castro Leon of CERN as\nthe original reporter.\n\nAll users of openstack-keystone are advised to upgrade to these updated\npackages, which correct this issue. After installing the updated packages,\nthe Keystone service (openstack-keystone) will be restarted automatically.\n", "modified": "2018-06-09T14:17:32", "published": "2013-07-16T04:00:00", "id": "RHSA-2013:1083", "href": "https://access.redhat.com/errata/RHSA-2013:1083", "type": "redhat", "title": "(RHSA-2013:1083) Important: openstack-keystone security update", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-12-11T19:41:11", "bulletinFamily": "unix", "description": "The openstack-keystone packages provide Keystone, a Python implementation\nof the OpenStack identity service API, which provides Identity, Token,\nCatalog, and Policy services.\n\nA flaw was found in the way Keystone handled LDAP (Lightweight Directory\nAccess Protocol) based authentication. If Keystone was configured to use\nLDAP authentication, and the LDAP server was configured to allow anonymous\nbinds (anonymous binds is a common default), anyone able to connect to a\ngiven service using Keystone could connect as any user, including the\nadmin, without supplying a password. (CVE-2013-2157)\n\nRed Hat would like to thank Thierry Carrez of OpenStack upstream for\nreporting this issue. Upstream acknowledges Jose Castro Leon of CERN as\nthe original reporter.\n\nThese updated packages have been upgraded to upstream version 2013.1.2,\nwhich provides a number of bug fixes over the previous version. (BZ#972660)\n\nAll users of openstack-keystone are advised to upgrade to these updated\npackages, which correct these issues. After installing the updated\npackages, the Keystone service (openstack-keystone) will be restarted\nautomatically.\n", "modified": "2018-06-09T14:17:33", "published": "2013-06-27T04:00:00", "id": "RHSA-2013:0994", "href": "https://access.redhat.com/errata/RHSA-2013:0994", "type": "redhat", "title": "(RHSA-2013:0994) Important: openstack-keystone security and bug fix update", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-12-11T19:42:13", "bulletinFamily": "unix", "description": "The openstack-keystone packages provide keystone, a Python implementation\nof the OpenStack Identity service API, which provides Identity, Token,\nCatalog, and Policy services.\n\nA flaw was discovered in the way the LDAP backend in keystone handled the\nremoval of a role. A user could unintentionally be granted a role if the\nrole being removed had not been previously granted to that user. Note that\nonly OpenStack Identity setups using an LDAP backend were affected.\n(CVE-2013-4477)\n\nAll openstack-keystone users are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue.\n", "modified": "2018-06-09T14:17:34", "published": "2014-01-30T05:00:00", "id": "RHSA-2014:0113", "href": "https://access.redhat.com/errata/RHSA-2014:0113", "type": "redhat", "title": "(RHSA-2014:0113) Moderate: openstack-keystone security update", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-12-11T19:41:25", "bulletinFamily": "unix", "description": "The OpenStack Identity service (keystone) authenticates and authorizes\nOpenStack users by keeping track of users and their permitted activities.\nThe Identity service supports multiple forms of authentication including\nuser name and password credentials, token-based systems, and AWS-style\nlogins.\n\nThe openstack-keystone packages have been upgraded to upstream version\n2013.2.3, which provides a number of bug fixes over the previous version.\nThe following security issue is also fixed with this release:\n\nIt was found that the memcached token back end of OpenStack Identity\ndid not correctly invalidate a revoked trust token, allowing users with\nrevoked tokens to retain access to services they should no longer be able\nto access. Note that only OpenStack Identity setups using the memcached\nback end for tokens were affected. (CVE-2014-2237)\n\nAll openstack-keystone users are advised to upgrade to these updated\npackages, which correct this issue.\n", "modified": "2018-06-07T02:47:47", "published": "2014-05-29T04:00:00", "id": "RHSA-2014:0580", "href": "https://access.redhat.com/errata/RHSA-2014:0580", "type": "redhat", "title": "(RHSA-2014:0580) Moderate: openstack-keystone security and bug fix update", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "seebug": [{"lastseen": "2017-11-19T17:38:54", "bulletinFamily": "exploit", "description": "Bugtraq ID:64253\r\nCVE ID:CVE-2013-6391\r\n\r\nKeystone\u662fOpenstack\u4e2d\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\u7684\u9879\u76ee\uff0c\u4efb\u4f55\u670d\u52a1\u8bf7\u6c42\u9700\u8981\u7ecf\u8fc7\u5b83\u7684\u9a8c\u8bc1\u83b7\u5f97\u670d\u52a1\u7684endpoint\u3002\r\n\r\nOpenStack Keystone\u5728\u4f7f\u7528trust-scoped\u4ee4\u724c\u751f\u6210EC2\u9a8c\u8bc1\u51ed\u636e\u65f6ec2tokens API\u5b58\u5728\u4e00\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u5229\u7528\u6f0f\u6d1e\u8bbf\u95ee\u5176\u4ed6\u53d7\u9650\u59d4\u6258\u4eba\u89d2\u8272(trustor's roles)\uff0c\u63d0\u5347\u6743\u9650\u3002 \u8981\u6210\u529f\u5229\u7528\u6f0f\u6d1e\u9700\u8981\u5e94\u7528\u542f\u7528\u4e86EC2-style\u9a8c\u8bc1\u3002\n0\nOpenStack Keystone 2013.x\n\u76ee\u524d\u5382\u5546\u6682\u65e0\u63d0\u4f9b\u8865\u4e01\u6216\u8005\u5347\u7ea7\u7a0b\u5e8f\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u7684\u4e3b\u9875\u4ee5\u83b7\u53d6\u6700\u65b0\u7248\u672c\uff1a\r\n\r\nhttp://www.openstack.org/", "modified": "2013-12-16T00:00:00", "published": "2013-12-16T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61131", "id": "SSV:61131", "type": "seebug", "title": "OpenStack Keystone EC2-style\u4ee4\u724c\u6821\u9a8c\u7279\u6743\u63d0\u5347\u6f0f\u6d1e", "sourceData": "", "sourceHref": "", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-11-19T17:32:25", "bulletinFamily": "exploit", "description": "Bugtraq ID:65895\r\nCVE ID:CVE-2014-2237\r\n\r\nKeystone\u662fOpenstack\u4e2d\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\u7684\u9879\u76ee\uff0c\u4efb\u4f55\u670d\u52a1\u8bf7\u6c42\u9700\u8981\u7ecf\u8fc7\u5b83\u7684\u9a8c\u8bc1\u83b7\u5f97\u670d\u52a1\u7684endpoint\u3002\r\n\r\nOpenStack Keystone Keystone\u5185\u5b58\u4ee4\u724c\u540e\u7aef\u5b58\u5728\u6f0f\u6d1e\uff0c\u5f53\u59d4\u6258\u4eba\u63d0\u4ea4\u542f\u7528\u6a21\u62df\u7684\u53ef\u4fe1\u4ee4\u724c\u65f6\uff0c\u4ee4\u724c\u4ec5\u6dfb\u52a0\u5230\u59d4\u6258\u4eba\u4ee4\u724c\u5217\u8868\uff0c\u4f46\u6ca1\u6dfb\u52a0\u5230\u53d7\u6258\u4eba\u4ee4\u724c\u5217\u8868\u3002\u8fd9\u4f1a\u5bfc\u81f4\u53d7\u6258\u4eba\u540a\u9500\u4ee4\u724c\u65f6\u4e0d\u80fd\u4f7f\u4fe1\u4efb\u4ee4\u724c\u6b63\u786e\u5931\u6548\u3002\r\n\u4f7f\u7528memcache\u540e\u7aef\u7684Keystone\u53d7\u6b64\u6f0f\u6d1e\u5f71\u54cd\u3002\n0\nOpenstack Keystone 2013.1 - 2013.1.4\r\nOpenstack Keystone 2013.2 - 2013.2.2\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nKeystone\r\n-----\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://git.openstack.org/cgit/openstack/keystone/commit/?id=813d1254eb4f7a7d40009b23bbadbc4c5cc5daac", "modified": "2014-03-07T00:00:00", "published": "2014-03-07T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61698", "id": "SSV:61698", "title": "OpenStack Keystone Trustee\u4ee4\u724c\u540a\u9500\u5931\u8d25\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": ""}], "ubuntu": [{"lastseen": "2018-08-31T00:10:16", "bulletinFamily": "unix", "description": "Steven Hardy discovered that Keystone did not properly enforce trusts when using the ec2tokens API. An authenticated attacker could exploit this to retrieve a token not scoped to the trust and elevate privileges to the trustor\u2019s roles.", "modified": "2013-12-19T00:00:00", "published": "2013-12-19T00:00:00", "id": "USN-2061-1", "href": "https://usn.ubuntu.com/2061-1/", "title": "OpenStack Keystone vulnerability", "type": "ubuntu", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T00:09:26", "bulletinFamily": "unix", "description": "Brant Knudson discovered a logic error in the LDAP backend in Keystone where removing a role on a tenant for a user who does not have that role would instead add the role to the user. An authenticated user could use this to gain privileges. Ubuntu is not configured to use the LDAP Keystone backend by default.", "modified": "2013-11-25T00:00:00", "published": "2013-11-25T00:00:00", "id": "USN-2034-1", "href": "https://usn.ubuntu.com/2034-1/", "title": "OpenStack Keystone vulnerability", "type": "ubuntu", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T00:08:27", "bulletinFamily": "unix", "description": "Chmouel Boudjnah discovered that Keystone did not properly invalidate user tokens when a tenant was disabled which allowed an authenticated user to retain access via the token. (CVE-2013-4222)\n\nKieran Spear discovered that Keystone did not properly verify PKI tokens when performing revocation when using the memcache and KVS backends. An authenticated attacker could exploit this to bypass intended access restrictions. (CVE-2013-4294)", "modified": "2013-10-23T00:00:00", "published": "2013-10-23T00:00:00", "id": "USN-2002-1", "href": "https://usn.ubuntu.com/2002-1/", "title": "Keystone vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:09:05", "bulletinFamily": "unix", "description": "Eoghan Glynn and Alex Meade discovered that Keystone did not properly perform expiry checks for the PKI tokens used in Keystone. If Keystone were setup to use PKI tokens, a previously authenticated user could continue to use a PKI token for longer than intended. This issue only affected Ubuntu 12.10 which does not use PKI tokens by default. (CVE-2013-2104)\n\nJose Castro Leon discovered that Keystone did not properly authenticate users when using the LDAP backend. An attacker could obtain valid tokens and impersonate other users by supplying an empty password. By default, Ubuntu does not use the LDAP backend. (CVE-2013-2157)", "modified": "2013-06-14T00:00:00", "published": "2013-06-14T00:00:00", "id": "USN-1875-1", "href": "https://usn.ubuntu.com/1875-1/", "title": "OpenStack Keystone vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "description": "\r\n\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2061-1\r\nDecember 19, 2013\r\n\r\nkeystone vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 13.10\r\n\r\nSummary:\r\n\r\nKeystone access controls could be circumvented via EC2-style tokens.\r\n\r\nSoftware Description:\r\n- keystone: OpenStack identity service\r\n\r\nDetails:\r\n\r\nSteven Hardy discovered that Keystone did not properly enforce trusts when\r\nusing the ec2tokens API. An authenticated attacker could exploit this to\r\nretrieve a token not scoped to the trust and elevate privileges to the\r\ntrustor&#39;s roles.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 13.10:\r\n python-keystone 1:2013.2-0ubuntu1.2\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2061-1\r\n CVE-2013-6391\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/keystone/1:2013.2-0ubuntu1.2\r\n\r\n\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "modified": "2013-12-23T00:00:00", "published": "2013-12-23T00:00:00", "id": "SECURITYVULNS:DOC:30125", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30125", "title": "[USN-2061-1] OpenStack Keystone vulnerability", "type": "securityvulns", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:49", "bulletinFamily": "software", "description": "\r\n\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2034-1\r\nNovember 25, 2013\r\n\r\nkeystone vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 13.10\r\n- Ubuntu 13.04\r\n- Ubuntu 12.10\r\n\r\nSummary:\r\n\r\nKeystone would improperly remove roles when it was configured to use the\r\nLDAP backend.\r\n\r\nSoftware Description:\r\n- keystone: OpenStack identity service\r\n\r\nDetails:\r\n\r\nBrant Knudson discovered a logic error in the LDAP backend in Keystone\r\nwhere removing a role on a tenant for a user who does not have that role\r\nwould instead add the role to the user. An authenticated user could use\r\nthis to gain privileges. Ubuntu is not configured to use the LDAP Keystone\r\nbackend by default.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 13.10:\r\n python-keystone 1:2013.2-0ubuntu1.1\r\n\r\nUbuntu 13.04:\r\n python-keystone 1:2013.1.4-0ubuntu1.1\r\n\r\nUbuntu 12.10:\r\n python-keystone 2012.2.4-0ubuntu3.3\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2034-1\r\n CVE-2013-4477\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/keystone/1:2013.2-0ubuntu1.1\r\n https://launchpad.net/ubuntu/+source/keystone/1:2013.1.4-0ubuntu1.1\r\n https://launchpad.net/ubuntu/+source/keystone/2012.2.4-0ubuntu3.3\r\n\r\n\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "modified": "2013-11-26T00:00:00", "published": "2013-11-26T00:00:00", "id": "SECURITYVULNS:DOC:30027", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30027", "title": "[USN-2034-1] OpenStack Keystone vulnerability", "type": "securityvulns", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:49", "bulletinFamily": "software", "description": "\r\n\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2002-1\r\nOctober 23, 2013\r\n\r\nkeystone vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 13.04\r\n- Ubuntu 12.10\r\n\r\nSummary:\r\n\r\nKeystone would improperly grant access to invalid tokens under certain\r\ncircumstances.\r\n\r\nSoftware Description:\r\n- keystone: OpenStack identity service\r\n\r\nDetails:\r\n\r\nChmouel Boudjnah discovered that Keystone did not properly invalidate user\r\ntokens when a tenant was disabled which allowed an authenticated user to\r\nretain access via the token. &#40;CVE-2013-4222&#41;\r\n\r\nKieran Spear discovered that Keystone did not properly verify PKI tokens\r\nwhen performing revocation when using the memcache and KVS backends. An\r\nauthenticated attacker could exploit this to bypass intended access\r\nrestrictions. &#40;CVE-2013-4294&#41;\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 13.04:\r\n python-keystone 1:2013.1.3-0ubuntu1.1\r\n\r\nUbuntu 12.10:\r\n python-keystone 2012.2.4-0ubuntu3.2\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2002-1\r\n CVE-2013-4222, CVE-2013-4294\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/keystone/1:2013.1.3-0ubuntu1.1\r\n https://launchpad.net/ubuntu/+source/keystone/2012.2.4-0ubuntu3.2\r\n\r\n\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "modified": "2013-10-28T00:00:00", "published": "2013-10-28T00:00:00", "id": "SECURITYVULNS:DOC:29964", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29964", "title": "[USN-2002-1] Keystone vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:48", "bulletinFamily": "software", "description": "\r\n\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-1875-1\r\nJune 14, 2013\r\n\r\nkeystone vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 13.04\r\n- Ubuntu 12.10\r\n\r\nSummary:\r\n\r\nKeystone did not always properly verify expired PKI tokens or properly\r\nauthenticate users.\r\n\r\nSoftware Description:\r\n- keystone: OpenStack identity service\r\n\r\nDetails:\r\n\r\nEoghan Glynn and Alex Meade discovered that Keystone did not properly\r\nperform expiry checks for the PKI tokens used in Keystone. If Keystone were\r\nsetup to use PKI tokens, a previously authenticated user could continue to\r\nuse a PKI token for longer than intended. This issue only affected Ubuntu\r\n12.10 which does not use PKI tokens by default. &#40;CVE-2013-2104&#41;\r\n\r\nJose Castro Leon discovered that Keystone did not properly authenticate\r\nusers when using the LDAP backend. An attacker could obtain valid tokens\r\nand impersonate other users by supplying an empty password. By default,\r\nUbuntu does not use the LDAP backend. &#40;CVE-2013-2157&#41;\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 13.04:\r\n python-keystone 1:2013.1.1-0ubuntu2.1\r\n\r\nUbuntu 12.10:\r\n python-keystone 2012.2.4-0ubuntu3.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1875-1\r\n CVE-2013-2104, CVE-2013-2157\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/keystone/1:2013.1.1-0ubuntu2.1\r\n https://launchpad.net/ubuntu/+source/keystone/2012.2.4-0ubuntu3.1\r\n\r\n\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "modified": "2013-06-17T00:00:00", "published": "2013-06-17T00:00:00", "id": "SECURITYVULNS:DOC:29466", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29466", "title": "[USN-1875-1] OpenStack Keystone vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:53", "bulletinFamily": "software", "description": "DoS, information leakage.", "modified": "2013-12-23T00:00:00", "published": "2013-12-23T00:00:00", "id": "SECURITYVULNS:VULN:13374", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13374", "title": "OpenStack multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:51", "bulletinFamily": "software", "description": "Keystone protection bypass and authentication bypass, Nova DoS.", "modified": "2013-07-01T00:00:00", "published": "2013-07-01T00:00:00", "id": "SECURITYVULNS:VULN:13128", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13128", "title": "OpenStack multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}