Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.
The remote Ubuntu host is missing a security-related patch.
Steven Hardy discovered that OpenStack Keystone did not properly
handle chained delegation. A remote authenticated attacker could use
this to gain privileges by creating a new token with additional roles.
Jamie Lennox discovered that OpenStack Keystone did not properly
validate the project id. A remote authenticated attacker may be able
to use this to access other projects. (CVE-2014-3520)
Brant Knudson and Lance Bragstad discovered that OpenStack Keystone
would not always revoke tokens correctly. If Keystone were configured
to use revocation events, a remote authenticated attacker could
continue to have access to resources. (CVE-2014-5251, CVE-2014-5252,
Update the affected python-keystone package.
Risk factor: Medium / CVSS Base Score: 6.0
Family: Ubuntu Local Security Checks
Nessus Plugin ID: 77324
CVE ID: CVE-2014-3476, CVE-2014-3520, CVE-2014-5251, CVE-2014-5252, CVE-2014-5253