Ubuntu Update for keystone USN-2034-1

Check for the Version of keystone OpenVAS Vulnerability Test $Id: gbubuntuUSN20341.nasl 8509 2018-01-24 06:57:46Z teissa $ Ubuntu Update for keystone USN-2034-1 Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free...

Ubuntu 12.10 / 13.04 / 13.10 : keystone vulnerability (USN-2034-1)

Brant Knudson discovered a logic error in the LDAP backend in Keystone where removing a role on a tenant for a user who does not have that role would instead add the role to the user. An authenticated user could use this to gain privileges. Ubuntu is not configured to use the LDAP Keystone backen...

Ubuntu: Security Advisory (USN-2034-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-2034-1: OpenStack Keystone vulnerability

Brant Knudson discovered a logic error in the LDAP backend in Keystone where removing a role on a tenant for a user who does not have that role would instead add the role to the user. An authenticated user could use this to gain privileges. Ubuntu is not configured to use the LDAP Keystone backen...

Moderate: Red Hat Security Advisory: openstack-keystone security and bug fix update

Updated openstack-keystone packages that fix one security issue and several bugs are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

OpenStack: Keystone disabling a tenant does not disable a user token

OpenStack Identity Keystone Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token...

[SECURITY] Fedora 19 Update: openstack-keystone-2013.1.4-2.fc19

Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. This package contains the Keystone daemon...

Fedora Update for openstack-keystone FEDORA-2013-20373

Check for the Version of openstack-keystone OpenVAS Vulnerability Test Fedora Update for openstack-keystone FEDORA-2013-20373 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

Fedora 19 : openstack-keystone-2013.1.4-2.fc19 (2013-20373)

update to 2013.1.4 stable/grizzly release Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVE...

Fedora Update for openstack-keystone FEDORA-2013-20373

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DEBIAN-CVE-2013-4477

The LDAP backend in OpenStack Identity Keystone Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges...

CVE-2013-4477

CVE-2013-4477 affects the LDAP backend of OpenStack Identity (Keystone) in the Grizzly and Havana releases. The issue occurs when removing a role on a tenant for a user who does not have that role; Keystone ends up granting that role to the user, effectively allowing local users to gain privilege...

CVE-2013-4477

The LDAP backend in OpenStack Identity Keystone Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges...

CVE-2013-4477

The LDAP backend in OpenStack Identity Keystone Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges...

Ubuntu Update for keystone USN-2002-1

Check for the Version of keystone OpenVAS Vulnerability Test $Id: gbubuntuUSN20021.nasl 8466 2018-01-19 06:58:30Z teissa $ Ubuntu Update for keystone USN-2002-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free...

Ubuntu: Security Advisory (USN-2002-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[USN-2002-1] Keystone vulnerabilities

========================================================================== Ubuntu Security Notice USN-2002-1 October 23, 2013 keystone vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...

Ubuntu 12.10 / 13.04 : keystone vulnerabilities (USN-2002-1)

Chmouel Boudjnah discovered that Keystone did not properly invalidate user tokens when a tenant was disabled which allowed an authenticated user to retain access via the token. CVE-2013-4222 Kieran Spear discovered that Keystone did not properly verify PKI tokens when performing revocation when...

USN-2002-1: Keystone vulnerabilities

Chmouel Boudjnah discovered that Keystone did not properly invalidate user tokens when a tenant was disabled which allowed an authenticated user to retain access via the token. CVE-2013-4222 Kieran Spear discovered that Keystone did not properly verify PKI tokens when performing revocation when...

DEBIAN-CVE-2013-2013

The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process...