2007 matches found

CVE
added 2014/08/25 2:0 p.m. | 58 views

CVE-2014-5253

CVE-2014-5253 affects OpenStack Keystone (2014.1.x before 2014.1.2.1 and Juno before Juno-3). The issue is that domain invalidation does not properly revoke tokens, allowing remote authenticated users to retain access via a domain-scoped token for that domain. Connected sources (e.g., GHSA-77W8-Q...

CVSS 4.9 | AI score 6.2 | EPSS 0.0031
Exploits: 0 | References: 5 | Affected Software: 2
securityvulns
added 2014/08/24 12:0 a.m. | 101 views

[USN-2324-1] OpenStack Keystone vulnerabilities

Ubuntu Security Notice USN-2324-1, August 21, 2014: keystone vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 6 | AI score 0.7 | EPSS 0.00721
Exploits: 2
OpenVAS
added 2014/08/22 12:0 a.m. | 31 views

Ubuntu: Security Advisory (USN-2324-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5 | AI score 6.5 | EPSS 0.00721
Exploits: 2 | References: 2
Tenable Nessus
added 2014/08/22 12:0 a.m. | 27 views

Ubuntu 14.04 LTS : OpenStack Keystone vulnerabilities (USN-2324-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2324-1 advisory. Steven Hardy discovered that OpenStack Keystone did not properly handle chained delegation. A remote authenticated attacker could use this to gain...

CVSS 6.5 | AI score 5.7 | EPSS 0.00721
Exploits: 2 | References: 6
OSV
added 2014/08/21 9:9 p.m. | 1 views

USN-2324-1 keystone vulnerabilities

Steven Hardy discovered that OpenStack Keystone did not properly handle chained delegation. A remote authenticated attacker could use this to gain privileges by creating a new token with additional roles. CVE-2014-3476 Jamie Lennox discovered that OpenStack Keystone did not properly validate the...

CVSS 6.5 | AI score 5.8 | EPSS 0.00721
Exploits: 2 | References: 6
Ubuntu
added 2014/08/21 9:9 p.m. | 62 views

USN-2324-1: OpenStack Keystone vulnerabilities

Steven Hardy discovered that OpenStack Keystone did not properly handle chained delegation. A remote authenticated attacker could use this to gain privileges by creating a new token with additional roles. CVE-2014-3476 Jamie Lennox discovered that OpenStack Keystone did not properly validate the...

CVSS 6.5 | AI score 5.4 | EPSS 0.00721
Exploits: 2
Opera Security Advisories
added 2014/08/19 12:0 a.m. | 4 views

Security changes in Opera 23

August 19th, 2014. Opera 23 has been out on the stable channel for a while, and we have just released a few silent security updates as well. The first was a regular Opera security fix, the second was to take in a security patch in advance of the regular...

CVSS 8.8 | AI score 7 | EPSS 0.05467
Exploits: 2 | References: 1
UbuntuCve
added 2014/08/15 12:0 a.m. | 31 views

CVE-2014-5251

The MySQL token driver in OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token...

CVSS 4.9 | AI score 5.9 | EPSS 0.0031
Exploits: 0 | References: 4
OSV
added 2014/08/15 12:0 a.m. | 0 views

UBUNTU-CVE-2014-5253

OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain...

CVSS 4.9 | AI score 5.8 | EPSS 0.0031
Exploits: 0 | References: 5
seebug.org
added 2014/07/01 12:0 a.m. | 23 views

Oracle 10g KUPV$FT.ATTACH_JOB - SQL Injection Exploit (2)

No description provided by source. #!/usr/bin/perl Remote Oracle KUPV$FT.ATTACH_JOB exploit 10g - Version 2 - New evil cursor injection tip! - No create procedure privilege needed! - See: http://www.databasesecurity.com/ Cursor Injection Grant or revoke dba permission to unprivileged user Tested on...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 17 views

Oracle 9i/10g ACTIVATE_SUBSCRIPTION - SQL Injection Exploit (2)

No description provided by source. #!/usr/bin/perl Remote Oracle DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION exploit 9i/10g - Version 2 - New evil cursor injection tip! - No create procedure privilege needed! - See: http://www.databasesecurity.com/ Cursor Injection Grant or revoke dba permission to...

AI score 7.1
Exploits: 0
Tenable Nessus
added 2014/06/13 12:0 a.m. | 16 views

openSUSE Security Update : opera (openSUSE-SU-2012:1481-1)

This Opera 12.10 security update fixes the following security issues: - an issue that could cause Opera not to correctly check for certificate revocation; - an issue where CORS requests could incorrectly retrieve contents of cross origin pages; - an issue where data URIs could be used to facilitate...

AI score 5.6
Exploits: 0 | References: 3
Tenable Nessus
added 2014/06/13 12:0 a.m. | 51 views

openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)

The Mozilla January 8th 2013 security release contains updates: Mozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was updated to version 2.15. Mozilla Thunderbird was updated to version 17.0.2. Mozilla XULRunner was updated to version 17.0.2. - MFSA...

CVSS 10 | AI score 8.9 | EPSS 0.87365
Exploits: 31 | References: 33
RedHat Linux
added 2014/05/29 8:26 p.m. | 2 views

openstack-keystone: trustee token revocation does not work with memcache backend

The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...

CVSS 5 | AI score 5.8 | EPSS 0.00188
Exploits: 1 | References: 4
ThreatPost
added 2014/04/21 12:2 p.m. | 11 views

OpenSSL Heartbleed and the Value of CRLs

One of the consequences of the drama around the OpenSSL heartbleed vulnerability is that security experts have begun taking a hard look again at the certificate revocation process and whether it actually protects users or gives them any visibility into the validity of a given certificate. In a lo...

AI score 0.5
Exploits: 0 | References: 3
ThreatPost
added 2014/04/18 12:27 p.m. | 25 views

Private Keys Stolen from OpenVPN Using Heartbleed

You can add OpenVPN to the growing list of products and services vulnerable to the Heartbleed OpenSSL vulnerability. Worse, researchers have been able to chain together exploits to steal private keys from traffic moving through the open source virtual private network software package. A Swedish V...

AI score 7.1
Exploits: 0 | References: 5
ThreatPost
added 2014/04/16 12:5 p.m. | 10 views

Certificate Revocation Slow on Heartbleed Web Servers

The rush to revoke and replace digital certificates on Heartbleed-vulnerable Web servers seems to be no rush at all. Internet research and security services firm Netcraft reports today that of the more than 500,000 servers it knows of that are running vulnerable versions of OpenSSL, only 80,000...

AI score 0.8
Exploits: 0 | References: 6
OSV
added 2014/04/10 11:19 p.m. | 5 views

SUSE-SU-2015:0841-1 Recommended update for mono-core

This update adds handling of SHA256 hashes to parts of the X509 Certificate classes in the C# implementation of Mono (bnc#871362) and improves handling of non-existing certificate revocation lists (bnc#810747, bnc#606002)...

CVSS 9.8 | AI score 8.5 | EPSS 0.04829
Exploits: 0 | References: 8
Tenable Nessus
added 2014/04/10 12:0 a.m. | 2822 views

SSL Certificate Chain Contains RSA Keys Less Than 2048 bits (PCI DSS)

At least one of the X.509 certificates sent by the remote host has a key that is shorter than 2048 bits. According to industry standards set by the Certification Authority/Browser (CA/B) Forum, certificates issued after January 1, 2014 must be at least 2048 bits. Some browser SSL implementations ma...

AI score 5.5
Exploits: 0 | References: 1
RedHat Linux
added 2014/04/03 8:18 p.m. | 4 views

openstack-keystone: trustee token revocation does not work with memcache backend

The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...

CVSS 5 | AI score 5.8 | EPSS 0.00188
Exploits: 1 | References: 4