| Summary: | sys-auth/keystone: Unintentional role granting with Keystone LDAP backend (CVE-2013-4477) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Mikle Kolyada (RETIRED) <zlogene> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | trivial | ||
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://seclists.org/oss-sec/2013/q4/186 | ||
| Whiteboard: | ~4 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
fixed by upstream: https://review.openstack.org/#/c/53146/ CVE-2013-4477 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4477): The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges. fixed in tree
keystone-2013.1.4-r1.ebuild: "${FILESDIR}/2013.1.4-CVE-2013-4477.patch"
keystone-2013.2-r1.ebuild: "${FILESDIR}/2013.2-CVE-2013-4477.patch"
|
from ${URL}: A vulnerability was discovered in OpenStack (see below). In order to ensure full traceability, we need a CVE number assigned that we can attach to further notifications. This issue is already public, although an advisory was not sent yet. """ Title: Unintentional role granting with Keystone LDAP backend Reporter: The IBM OpenStack test team Products: Keystone Affects: Grizzly, Havana Description: The IBM OpenStack test team reported a vulnerability in role change code within the Keystone LDAP backend. When a role on a tenant is removed from a user, and that user doesn't have that role on the tenant, then the user may actually be granted the role on the tenant. A user could use social engineering and leverage that vulnerability to get extra roles granted, or may accidentally be granted extra roles. Only Keystone setups using a LDAP backend are affected. """ References: https://bugs.launchpad.net/keystone/+bug/1242855 Thanks in advance, - -- Thierry Carrez (ttx) OpenStack Vulnerability Management Team