| Subject: | [Openstack] [OSSA 2013-003] Keystone denial of service through invalid token requests (CVE-2013-0247) |
|---|---|
| From: | Thierry Carrez (thie...@openstack.org) |
| Date: | Feb 5, 2013 8:21:17 am |
| List: | net.launchpad.lists.openstack |

OpenStack Security Advisory: 2013-003
CVE: CVE-2013-0247
Date: February 5, 2013
Title: Keystone denial of service through invalid token requests
Reporter: Dan Prince (Red Hat)
Products: Keystone
Affects: All versions

Description: Dan Prince of Red Hat reported a vulnerability in token creation error handling in Keystone. By requesting lots of invalid tokens, an unauthenticated user may fill up logs on Keystone API servers' disks, potentially resulting in a denial of service attack against Keystone.

Grizzly (development branch) fix: https://github.com/openstack/keystone/commit/8ec247bf61be0e487332d5d891246d2b7b606989
Folsom fix: https://github.com/openstack/keystone/commit/bb2226f944aaa38beb7fc08ce0a78796e51e2680
Essex fix: https://review.openstack.org/#/c/21216/

References:
https://bugs.launchpad.net/keystone/+bug/1098307
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0247

--
Thierry Carrez (ttx)
OpenStack Vulnerability Management Team
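
One way to bound log growth from the condition the advisory describes, as an added example that is not part of the advisory or of the Keystone fixes linked in it: a Python `logging` filter that caps records per message template per time window and clips long string arguments. The class name, logger name, message text and limits are assumptions, and the burst of rejected requests is constructed.

```python
import io
import logging
import time


class BurstLimitFilter(logging.Filter):
    """Cap records per message template per window; clip long string args."""

    def __init__(self, burst=5, window=60.0, max_arg=64, clock=time.monotonic):
        super().__init__()
        self.burst, self.window = burst, window
        self.max_arg, self.clock = max_arg, clock
        self._state = {}  # key -> [window_start, emitted, suppressed]

    def filter(self, record):
        # Key on the format string so requester-chosen values add no keys.
        key = (record.name, record.levelno, str(record.msg))
        now = self.clock()
        state = self._state.get(key)
        if state is None or now - state[0] >= self.window:
            suppressed = state[2] if state else 0
            state = self._state[key] = [now, 0, 0]
            if suppressed:
                record.msg = f"{record.msg} [{suppressed} similar suppressed]"
        if state[1] >= self.burst:
            state[2] += 1
            return False  # over budget: count it, do not write it
        state[1] += 1
        if isinstance(record.args, tuple):
            record.args = tuple(self._clip(a) for a in record.args)
        return True

    def _clip(self, arg):
        if isinstance(arg, str) and len(arg) > self.max_arg:
            return arg[: self.max_arg] + "...(truncated)"
        return arg


def demo():
    """Constructed scenario: 1000 rejected requests inside one window."""
    now = [0.0]
    handler = logging.StreamHandler(io.StringIO())
    handler.addFilter(BurstLimitFilter(clock=lambda: now[0]))
    log = logging.getLogger("demo.token")  # hypothetical logger name
    log.addHandler(handler)
    for _ in range(1000):
        log.warning("Invalid token request: %s", "A" * 4096)
    now[0] = 61.0  # next window: this record carries the summary
    log.warning("Invalid token request: %s", "B")
    return handler.stream.getvalue().splitlines()
```

The filter is attached to the handler rather than to a logger so that it also sees records propagated from child loggers. The bound only holds when call sites pass request data as arguments instead of pre-formatting it into the message string.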