RHEL 6 : openstack-keystone (RHSA-2012:1556)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1556 advisory. - OpenStack: Keystone /etc/keystone/ec2rc secret key exposure CVE-2012-5483 - OpenStack: Keystone EC2-style credentials invalidation issue...
CVE-2012-5571
OpenStack Keystone is affected by CVE-2012-5571: EC2-style credentials can bypass authorization when a user’s role is removed from a tenant, allowing remote authenticated access. Root cause: improper handling of EC2 tokens tied to removed roles. Impact: unauthorized access to resources. Affected ...
Fedora 17 : openstack-keystone-2012.1.3-3.fc17 (2012-19341)
EC2-style credentials invalidation issue CVE-2012-5571 - Fix /etc/keystone directory permission CVE-2012-5483 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as...
Fedora Update for openstack-keystone FEDORA-2012-19341
The remote host is missing an update for the ...
Moderate: Red Hat Security Advisory: openstack-keystone security, bug fix, and enhancement update
Updated openstack-keystone packages that fix two security issues, multiple bugs, and add enhancements are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores,...
Moderate: Red Hat Security Advisory: openstack-keystone security, bug fix, and enhancement update
Updated openstack-keystone packages that fix two security issues, multiple bugs, and add enhancements are now available for Red Hat OpenStack Essex. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores,...
Ubuntu 12.04 LTS / 12.10 : keystone vulnerabilities (USN-1641-1)
Vijaya Erukala discovered that Keystone did not properly invalidate EC2-style credentials such that if credentials were removed from a tenant, an authenticated and authorized user using those credentials may still be allowed access beyond the account owner's expectations. CVE-2012-5571 It was...
Ubuntu: Security Advisory (USN-1641-1)
The remote host is missing an update for the ...
USN-1641-1: OpenStack Keystone vulnerabilities
Vijaya Erukala discovered that Keystone did not properly invalidate EC2-style credentials such that if credentials were removed from a tenant, an authenticated and authorized user using those credentials may still be allowed access beyond the account owner's expectations. CVE-2012-5571 It was...