[OSSA 2013-028] Unintentional role granting with Keystone LDAP backend (CVE-2013-4477)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 OpenStack Security Advisory: 2013-028 CVE: CVE-2013-4477 Date: October 30, 2013 Title: Unintentional role granting with Keystone LDAP backend Reporter: The IBM OpenStack test team Products: Keystone Affects: All supported versions Description: The IBM OpenStack test team reported a vulnerability in role change code within the Keystone LDAP backend. When a role on a tenant is removed from a user, and that user doesn't have that role on the tenant, then the user may actually be granted the role on the tenant. A user could use social engineering and leverage that vulnerability to get extra roles granted, or may accidentally be granted extra roles. Only Keystone setups using a LDAP backend are affected. Icehouse (development branch) fix: https://review.openstack.org/53012 Havana fix: https://review.openstack.org/53146 Grizzly fix: https://review.openstack.org/53154 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477 https://bugs.launchpad.net/keystone/+bug/1242855 Regards, - -- Thierry Carrez OpenStack Vulnerability Management Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJScTVeAAoJEFB6+JAlsQQjJYkP/Aw7sQEKwKSLPbB/XO03TebK xPiZrBEa4ayO1StiFkVgsWEFYltFpRlq6FwNePenSpT5yb6GzbYaV/AL2UbZYL3N Zs+vVikk5nZENNd0HW5auywVcyC61IjjAVSOdZDrq6tLR3gheBm57TLZeAtmGv1r EHc0SlRiuFlnnFN5Drvcfk3Y0MhcbvGE/wor+vfEXn96/3mqmuA2AZ9i7KpOsZnV pGJMzd/d73JAW/SubhgBfLHmXqlcAhfU3jD9NRwW1wEHBQk/W+D4iZhtqSmSnpjI htcAel/gv85pjmsTH5Cm8jXgEgHye3/B8uKIStzSIAW6hyv5amxTdpPchafqIyLl xDivYmh5p+eZVh13sh6tWw12CIJz5784m5fiqyPh9bZYBZ60CXScO1P/LVb7RN+m dVh7wfQg/kUWH0bj1TX3c8ntcU0+9ve4nVEse0D0X8g9UF8Xp4UJQnMi1DBpHPj1 CcdlAO780ftvmRjn84Zf1CDSNcdesD3e/tpxp+eJJ3fVev10Ga2E6AUVnolm/Pvs a5tLe5gUpsEWVCx++cm8Lb+8ifzIJ55c05fOfvF23AHJ397fiwkZbhSHKj+Lwapt XZIYR0ENw2Xc4m+AMjSXOZuFwOkZ5+C5ZlFVT5L2nezyl1vbg/Mx5w6XWzywBEo9 hmS58i+92JQMbV93nTLH =rkrZ -----END PGP SIGNATURE-----
participants (1)
-
Thierry Carrez