First published: Tue Apr 30 2013(Updated: )
keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
pip/python-keystoneclient | <0.2.4 | 0.2.4 |
OpenStack Compute | =2013.1 | |
OpenStack Compute | =2013.1.1 | |
OpenStack Compute | =2013.1.2 | |
OpenStack Compute | =2013.1.3 | |
OpenStack Folsom | ||
Openstack Grizzly | =2013.1 | |
Openstack Havana | =havana-1 | |
Openstack Havana | =havana-2 | |
Openstack Havana | =havana-3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.