[OSSA 2013-017] Issues in Keystone middleware memcache signing/encryption feature (CVE-2013-2166, CVE-2013-2167)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

OpenStack Security Advisory: 2013-017
CVE: CVE-2013-2166, CVE-2013-2167
Date: June 19, 2013
Title: Issues in Keystone middleware memcache signing/encryption feature
Reporter: Paul McMillan (Nebula)
Products: python-keystoneclient
Affects: version 0.2.3 to 0.2.5

Description:
Paul McMillan from Nebula reported multiple issues in the implementation of the memcache signing/encryption feature in the Keystone client middleware. An attacker with direct write access to the memcache backend (or in a man-in-the-middle position) could insert malicious data and potentially bypass the encryption (CVE-2013-2166) or signing (CVE-2013-2167) security strategy that was specified. Only setups that make use of memcache caching in the Keystone middleware (specify memcache_servers) and use ENCRYPT or MAC as their memcache_security_strategy are affected.

python-keystoneclient fix (will be included in upcoming 0.2.6 release):
https://review.openstack.org/#/c/33661

References:
https://bugs.launchpad.net/python-keystoneclient/+bug/1175367
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2166
https://bugs.launchpad.net/python-keystoneclient/+bug/1175368
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2167

- --
Thierry Carrez (ttx)
OpenStack Vulnerability Management Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCAAGBQJRwdC5AAoJEFB6+JAlsQQjOTQP/1q8R6aPU9RcbsZ5pRm4YU7L
gp1XHpoCKmAAFhPjVbjOXLfW0xAfa0B+ATG/BeM4dvysgnQIRb21D4vu4wqCyLq/
Mw6pvytEyd5hGWpSY5eG6cQJ+UrACRDRgjMDIrR6PkwfWK0wW1p+2XzbzH9WIO7F
u4/oneUOSlN04wLd1qx0hy2mybFGUu8rPsJyaPJq2qivhGOwIOq85WddurtK1wXl
aTdYnavJxmUsTLFHjlpveKaEmlGrYNxeAMTpkZiSANPxU9rcjZNNEmgdGriV1Cdp
U3A08z+s7UiZT10cXg3y3C3pNV+upiS5b939fvrSCdJcMmSUBDZ9Bz9zpMYZ/EZm
gJLBe2HskHmOfUzdgmVla2HLKqex/no4aLqbVBLkpFhkesKWz+2mTjvTAygjL5vg
Ps8viGv80b1DwSUoyI22VChDkXmarkfOFbIdl7yu3h6LDXOSUawA1OiELjlSHyB4
AM1Vl3bSYT9MSHvwymSd4ML/nH01nE0COb1kLzWEqDyFUfq6NjyCOkb74rgrjLH5
E1LVG/4DyYtQ0unOtIT2wyYqEUINAV/qv/GwkhMqroGbPle63+OLRaDtVSciiEdj
z/ljz6eMGEeD/cHi80yhsKGo0HjmXzG3X83Y6cSaqWbXUvIw0kbidLwX4fzlnGr0
JCWckqbCAwwKyRNAADVb
=1zJ2
-----END PGP SIGNATURE-----
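The property the MAC strategy named above is meant to provide is that the middleware trusts a cached entry only if it was written by a holder of the secret key, so that anything written directly into the memcache backend by a party without the key is discarded rather than interpreted. The following is an added illustration of that property, not python-keystoneclient's code and not a description of the specific defect behind these CVEs: the entry format (base64 JSON, a dot, a base64 HMAC-SHA256 tag), the function names and the in-memory dict standing in for a memcache server are all assumptions of this example.

```python
import base64
import hashlib
import hmac
import json
import secrets


def protect(key: bytes, payload: dict) -> bytes:
    """Serialize `payload` and append an HMAC-SHA256 tag over the serialized
    bytes. Constructed entry format: base64(json) + b"." + base64(tag)."""
    data = base64.b64encode(json.dumps(payload, sort_keys=True).encode())
    tag = hmac.new(key, data, hashlib.sha256).digest()
    return data + b"." + base64.b64encode(tag)


def unprotect(key: bytes, blob: bytes):
    """Return the payload only if the tag verifies, else None.

    Order matters: split, recompute the tag over the exact bytes received,
    compare in constant time, and only then parse the data. A value that
    reaches json.loads has therefore already been authenticated."""
    try:
        data, tag_b64 = blob.rsplit(b".", 1)
        tag = base64.b64decode(tag_b64, validate=True)
    except ValueError:  # no separator, or the tag is not valid base64
        return None
    expected = hmac.new(key, data, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    try:
        return json.loads(base64.b64decode(data, validate=True))
    except ValueError:
        return None


def accept_cached(key: bytes, backend: dict, cache_key: str):
    """Read an entry from the stand-in memcache backend and trust it only
    after `unprotect` succeeds. A missing and a rejected entry look the same
    to the caller (None), which should then fall back to the authoritative
    source instead of the cache."""
    blob = backend.get(cache_key)
    if blob is None:
        return None
    return unprotect(key, blob)


def demo():
    """Exercise the three cases a reviewer of a MAC strategy wants covered."""
    key = secrets.token_bytes(32)  # constructed key; a deployment configures its own
    backend = {}                   # dict standing in for the memcache server

    # 1. An entry written by a holder of the key is accepted.
    backend["token-abc"] = protect(key, {"user": "alice", "roles": ["member"]})
    accepted = accept_cached(key, backend, "token-abc")

    # 2. A well-formed entry placed in the backend without the key carries a
    #    tag that does not verify, so it is rejected before being parsed.
    body = base64.b64encode(json.dumps({"user": "alice", "roles": ["admin"]}).encode())
    backend["token-abc"] = body + b"." + base64.b64encode(bytes(32))
    unsigned = accept_cached(key, backend, "token-abc")

    # 3. A genuine entry altered in place (one bit flipped) is rejected too.
    altered = bytearray(protect(key, {"user": "bob", "roles": ["member"]}))
    altered[0] ^= 0x01
    backend["token-xyz"] = bytes(altered)
    tampered = accept_cached(key, backend, "token-xyz")

    return accepted, unsigned, tampered


if __name__ == "__main__":
    print(demo())
```

The same discipline applies to an ENCRYPT strategy: encryption alone hides the contents but does not stop an entry from being replaced or modified, so an encrypted cache entry also needs an authentication tag that is verified before decryption, and the verification must fail closed (treat the entry as absent) rather than fall through to unprotected parsing.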