python-keystoneclient is vulnerable to an encryption and signing bypass. A flaw was found in the way python-keystoneclient verified data from memcached. Even when the memcache_security_strategy setting in /etc/swift/proxy-server.conf was set to MAC to perform signature checking, an attacker on the local network, or possibly an unprivileged user in a virtual machine hosted on OpenStack, could use this flaw to modify data in memcached that would later pass signature checking in python-keystoneclient.
lists.fedoraproject.org/pipermail/package-announce/2013-August/113944.html
rhn.redhat.com/errata/RHSA-2013-0992.html
www.openwall.com/lists/oss-security/2013/06/19/5
www.securityfocus.com/bid/60680
access.redhat.com/errata/RHSA-2013:0992
access.redhat.com/security/cve/cve-2013-2167
access.redhat.com/security/updates/classification/#important
bugs.gentoo.org/show_bug.cgi?id=CVE-2013-2167
bugzilla.redhat.com/show_bug.cgi?id=971026
bugzilla.redhat.com/show_bug.cgi?id=974271
bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2167
exchange.xforce.ibmcloud.com/vulnerabilities/85492
security-tracker.debian.org/tracker/CVE-2013-2167