<div dir="ltr"><div class="gmail_extra">Peter Feiner from Gridcentric, Inc. deserves special mention for independently reporting the same underlying error:</div><div class="gmail_extra"><br></div><div class="gmail_extra"> <a href="https://bugs.launchpad.net/python-keystoneclient/+bug/1289074">https://bugs.launchpad.net/python-keystoneclient/+bug/1289074</a><br>
</div><div class="gmail_extra"><br></div><div class="gmail_extra">He also suggested an approach to fix the error which closed the security vulnerability as well. Thanks, Peter!</div><div class="gmail_extra"><br><div class="gmail_quote">
On Thu, Mar 27, 2014 at 10:00 AM, Tristan Cacqueray <span dir="ltr">&lt;<a href="mailto:tristan.cacqueray@enovance.com" target="_blank">tristan.cacqueray@enovance.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
OpenStack Security Advisory: 2014-007<br>
CVE: CVE-2014-0105<br>
Date: March 27, 2014<br>
Title: Potential context confusion in Keystone middleware<br>
Reporter: Kieran Spear (University of Melbourne)<br>
Products: python-keystoneclient<br>
Versions: All versions up to 0.6.0<br>
<br>
Description:<br>
Kieran Spear from the University of Melbourne reported a vulnerability<br>
in Keystone auth_token middleware (shipped in python-keystoneclient). By<br>
doing repeated requests, with sufficient load on the target system, an<br>
authenticated user may in certain situations assume another<br>
authenticated user's complete identity and multi-tenant authorizations,<br>
potentially resulting in a privilege escalation. Note that it is related<br>
to a bad interaction between eventlet and python-memcached that should<br>
be avoided if the calling process already monkey-patches "thread" to use<br>
eventlet. Only keystone middleware setups using auth_token with memcache<br>
are vulnerable.<br>
<br>
python-keystoneclient fix (included in 0.7.0 release):<br>
<a href="https://review.openstack.org/81078" target="_blank">https://review.openstack.org/81078</a><br>
<br>
References:<br>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0105" target="_blank">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0105</a><br>
<a href="https://bugs.launchpad.net/bugs/1282865" target="_blank">https://bugs.launchpad.net/bugs/1282865</a><br>
<span class=""><font color="#888888"><br>
--<br>
Tristan Cacqueray<br>
OpenStack Vulnerability Management Team<br>
<br>
<br>
<br>
</font></span><br>
<br></blockquote></div><br></div></div>
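A simplified model of the context confusion the advisory describes, added here as an illustration and not taken from the advisory or from python-keystoneclient: two cooperatively scheduled request handlers look up cached token data, first over one shared connection and then over a connection each. `FakeConn`, `handler`, `run`, the sample tokens and the scheduling order are all constructed for this example, and the model assumes a handler can be switched out between sending its lookup and reading the reply.

```python
from collections import deque

# Constructed sample cache: token id -> identity attached to the request.
CACHE = {"token-alice": "alice/tenant-a", "token-bob": "bob/tenant-b"}

# Constructed schedule: both handlers send, then bob reads before alice.
ORDER = ["token-alice", "token-bob", "token-bob", "token-alice"]


class FakeConn:
    """Stand-in for one cache socket: replies come back in request order."""

    def __init__(self):
        self._replies = deque()

    def send_get(self, key):
        self._replies.append(CACHE[key])

    def recv(self):
        return self._replies.popleft()


def handler(conn, token, results):
    """One request: send the lookup, yield at the I/O wait, read a reply."""
    conn.send_get(token)
    yield  # cooperative switch point (assumed: the socket read would block)
    results[token] = conn.recv()


def run(conn_for, order=ORDER):
    """Step two handlers in the given order; return what each one read."""
    results = {}
    tasks = {t: handler(conn_for(t), t, results) for t in CACHE}
    for t in order:
        next(tasks[t], None)
    return results


def shared_connection():
    conn = FakeConn()  # every handler gets the same object
    return lambda token: conn


def per_handler_connection():
    return lambda token: FakeConn()  # each handler gets its own


if __name__ == "__main__":
    print("shared:  ", run(shared_connection()))
    print("isolated:", run(per_handler_connection()))
```

With the shared connection each handler ends up holding the other user's identity; with one connection per handler the same schedule returns the correct data.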