301 matches found

OSV
added 2016/02/03 6:59 p.m. · 1 view

UBUNTU-CVE-2015-7546

The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers,...

CVSS 7.5, AI score 7.1, EPSS 0.01708
Exploits: 0, References: 3
RedHat Linux
added 2015/06/23 4:52 p.m. · 2 views

Java: PKIX Trust Engines Exhibit Critical Flaw In Trusted Names Evaluation

It was found that PKIX trust components allowed an X.509 credential to be trusted if no trusted names were available for the entityID. An attacker could use a certificate issued by a shibmd:KeyAuthority trust anchor to impersonate an entity within the scope of that keyAuthority...

CVSS 4.3, AI score 7.2, EPSS 0.01256
Exploits: 0, References: 5
CNVD
added 2015/03/25 12:0 a.m. · 1 view

tcpdump denial of service vulnerability (CNVD-2015-01978)

tcpdump is a network protocol analysis tool. The rpki-rtrpduprint function in tcpdump print-rpki-rtr.c fails to properly check header field lengths in RPKI-RTR Protocol Data Units (PDUs), allowing attackers to conduct denial of service or arbitrary code execution attacks...

CVSS 5, AI score 8, EPSS 0.18814
Exploits: 5, References: 1
PyPA
added 2014/01/21 6:55 p.m. · 5 views

PYSEC-2014-69

python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires...

CVSS 5.5, AI score 6.8, EPSS 0.02064
Exploits: 0, References: 7, Affected Software: 1
RedHat Linux
added 2013/09/25 4:12 p.m. · 1 view

OpenStack: Keystone Token revocation failure using Keystone memcache/KVS backends

The (1) memcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token...

CVSS 5, AI score 5.8, EPSS 0.02342
Exploits: 0, References: 4
OSV
added 2013/09/23 8:55 p.m. · 1 view

DEBIAN-CVE-2013-4294

The (1) memcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token...

CVSS 5, AI score 6.9, EPSS 0.02342
Exploits: 0, References: 1
PyPA
added 2013/09/23 8:55 p.m. · 5 views

PYSEC-2013-42

The (1) memcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token...

CVSS 5, AI score 6.9, EPSS 0.02342
Exploits: 0, References: 6, Affected Software: 1
RedHat Linux
added 2013/04/04 8:15 p.m. · 3 views

keystone: online validation of Keystone PKI tokens bypasses revocation check

OpenStack Keystone Folsom 2012.2 does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token...

CVSS 6.8, AI score 5.9, EPSS 0.02608
Exploits: 0, References: 4
Positive Technologies
added 2013/03/22 12:0 a.m. · 2 views

PT-2013-3441 · Openstack · Openstack Keystone

Name of the Vulnerable Software and Affected Versions: OpenStack Keystone version 2012.2. Description: The issue allows remote attackers to bypass intended access restrictions via a revoked PKI token, due to improper revocation checks for Keystone PKI tokens when performed through a server...

CVSS 6.9, AI score 6.3, EPSS 0.02608
Exploits: 0, References: 21
OpenVAS
added 2012/12/26 12:0 a.m. · 21 views

Fedora Update for pki-core FEDORA-2012-20243

Check for the Version of pki-core. OpenVAS Vulnerability Test: Fedora Update for pki-core FEDORA-2012-20243. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS 4.3, AI score 6.4, EPSS 0.01227
Exploits: 0, References: 2
OpenVAS
added 2012/12/18 12:0 a.m. · 16 views

Fedora Update for pki-core FEDORA-2012-20220

Check for the Version of pki-core. OpenVAS Vulnerability Test: Fedora Update for pki-core FEDORA-2012-20220. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS 4.3, AI score 6.4, EPSS 0.01227
Exploits: 0, References: 2
Fedora
added 2012/12/15 5:51 p.m. · 20 views

[SECURITY] Fedora 17 Update: pki-core-9.0.25-1.fc17

ABOUT "CERTIFICATE SYSTEM": Certificate System (CS) is an enterprise software system...

CVSS 4.3, AI score 1.3, EPSS 0.01227
Exploits: 0
OSV
added 2012/08/07 8:55 p.m. · 1 view

DEBIAN-CVE-2012-3449

Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and overwrite arbitrary files...

CVSS 3.6, AI score 6.8, EPSS 0.00348
Exploits: 0, References: 1
ThreatPost
added 2012/05/24 2:8 a.m. · 16 views

Researchers Unveil New Way to Trust Certificates

Two independent researchers are proposing an extension for TLS to provide greater trust in certificate authorities, which have become a weak link in the entire public key infrastructure after some big breaches involving fraudulent SSL certificates. TACK, short for Trust Assertions for Certificate...

AI score 0.9
Exploits: 0, References: 1
OpenVAS
added 2011/01/31 12:0 a.m. · 17 views

Fedora Update for myproxy FEDORA-2011-0512

Check for the Version of myproxy. OpenVAS Vulnerability Test: Fedora Update for myproxy FEDORA-2011-0512. Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS 4.3, EPSS 0.01585
Exploits: 0, References: 2
RedHat Linux
added 2010/11/08 8:6 p.m. · 6 views

Moderate: Red Hat Security Advisory: rhpki security and enhancement update

Updated rhpki-ca, rhpki-common, and rhpki-util packages that fix three security issues and add several enhancements are now available for Red Hat Certificate System 7.3. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring Syste...

CVSS 5.8, AI score 6.4, EPSS 0.09854
Exploits: 0, References: 4
Positive Technologies
added 2009/04/02 12:0 a.m. · 4 views

PT-2009-3770 · Check Point · Check Point Firewall-1

Name of the Vulnerable Software and Affected Versions: Check Point Firewall-1 PKI Web Service (affected versions not specified). Description: A buffer overflow issue in the PKI Web Service allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long Authorizati...

CVSS 10, AI score 8.8, EPSS 0.07202
Exploits: 1, References: 7
RedHat Linux
added 2009/01/15 9:50 a.m. · 1 view

Moderate: Red Hat Security Advisory: rhpki security and bug fix update

Updated pkisetup, rhpki-common, rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks, and rhpki-tps and rhpki-util for Solaris 9 packages that fix various security issues and several bugs are now available for Red Hat Certificate System 7.2. This update has been rated as having moderate security impact by...

CVSS 2.1, AI score 5.7, EPSS 0.00243
Exploits: 0, References: 3
RedHat Linux
added 2008/07/02 5:50 p.m. · 4 views

Important: Red Hat Security Advisory: rhpki-common security update

Updated rhpki-common packages that fix a security issue are now available for Red Hat Certificate System 7.2. This update has been rated as having important security impact by the Red Hat Security Response Team. Red Hat Certificate System (RHCS) is an enterprise software system designed to manage...

CVSS 7.5, AI score 5.7, EPSS 0.01074
Exploits: 1, References: 2
securityvulns
added 2004/01/17 12:0 a.m. · 56 views

OpenCA certificate spoofing

A flaw could cause OpenCA to accept a signature from a certificate if the certificate's chain is trusted by the chain directory of OpenCA. This means that a certificate from another PKI can authorize operations on the used PKI if the chain of the used signature certificate can establish a trust...

AI score 1.1
Exploits: 0, References: 1