[Openstack] [OSSA 2014-007] Potential context confusion in Keystone middleware (CVE-2014-0105)

Dolph Mathews dolph.mathews at gmail.com
Thu Mar 27 15:32:02 UTC 2014


Peter Feiner from Gridcentric, Inc. deserves special mention for
independently reporting the same underlying error:

  https://bugs.launchpad.net/python-keystoneclient/+bug/1289074

He also suggested an approach to fix the error which closed the security
vulnerability as well. Thanks, Peter!

On Thu, Mar 27, 2014 at 10:00 AM, Tristan Cacqueray <tristan.cacqueray at enovance.com> wrote:

> OpenStack Security Advisory: 2014-007
> CVE: CVE-2014-0105
> Date: March 27, 2014
> Title: Potential context confusion in Keystone middleware
> Reporter: Kieran Spear (University of Melbourne)
> Products: python-keystoneclient
> Versions: All versions up to 0.6.0
>
> Description:
> Kieran Spear from the University of Melbourne reported a vulnerability
> in Keystone auth_token middleware (shipped in python-keystoneclient). By
> doing repeated requests, with sufficient load on the target system, an
> authenticated user may in certain situations assume another
> authenticated user's complete identity and multi-tenant authorizations,
> potentially resulting in a privilege escalation. Note that it is related
> to a bad interaction between eventlet and python-memcached that should
> be avoided if the calling process already monkey-patches "thread" to use
> eventlet. Only keystone middleware setups using auth_token with memcache
> are vulnerable.
>
> python-keystoneclient fix (included in 0.7.0 release):
> https://review.openstack.org/81078
>
> References:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0105
> https://bugs.launchpad.net/bugs/1282865
>
> --
> Tristan Cacqueray
> OpenStack Vulnerability Management Team
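
As an added illustration, not code from python-keystoneclient or from the advisory, the constructed Python simulation below models how a request/response client shared between cooperatively scheduled tasks can hand one lookup the reply meant for another, which is the kind of context confusion the advisory describes for auth_token's memcache-backed token cache under eventlet. It assumes that a reply read off a shared connection by the wrong task is the underlying mechanism (the advisory only says "bad interaction between eventlet and python-memcached"); the token ids, identities and interleaving are made up. The pooled variant shows why giving each concurrent lookup its own client removes the confusion.

```python
from collections import deque
# Constructed cache contents: token id -> identity, in the spirit of what
# auth_token caches per validated token. Values are made up for this example.
TOKEN_CACHE = {
    "tok-alice": {"user": "alice", "tenant": "proj-a", "roles": ["member"]},
    "tok-bob": {"user": "bob", "tenant": "proj-b", "roles": ["admin"]},
}

class Connection:
    """One socket-like channel to the cache: replies come back in the order the
    requests went out, and nothing ties a reply to the task that asked."""
    def __init__(self):
        self._replies = deque()
    def send(self, key):
        self._replies.append(TOKEN_CACHE.get(key))
    def recv(self):
        return self._replies.popleft()

def validate(conn, token):
    """Send the lookup, then read the reply. The yield in between is where a
    cooperative scheduler such as eventlet may switch to another task."""
    conn.send(token)
    yield None
    yield conn.recv()

def run(schedule, conn_for):
    """Drive one task per token in the given interleaving and return the
    identity each token resolved to."""
    tasks, results = {}, {}
    for token in schedule:
        if token not in tasks:
            tasks[token] = validate(conn_for(token), token)
        value = next(tasks[token], None)   # None once the task is finished
        if value is not None:
            results[token] = value
    return results

# Hypothetical interleaving: both lookups go out before either reply is read.
INTERLEAVING = ["tok-alice", "tok-bob", "tok-bob", "tok-alice"]

def shared_client():
    """All tasks share one connection: bob's task reads alice's reply and vice versa."""
    shared = Connection()
    return run(INTERLEAVING, lambda _token: shared)

def pooled_client():
    """Each concurrent lookup checks out its own connection, so replies cannot cross."""
    pool = {}
    return run(INTERLEAVING, lambda token: pool.setdefault(token, Connection()))
```

With the shared connection, the request for bob's token resolves to alice's cached identity (and alice's to bob's); with one connection per concurrent lookup, each token resolves to its own identity.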