Fedora 18 : openstack-keystone-2012.2.4-3.fc18 (2013-8048)

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

- Revoke tokens on user delete CVE-2013-2059

- authtoken: Securely create signing_dir CVE-2013-2030

- avoid potential disclosure in log files and restrict
/var/log/keystone/ CVE-2013-2006

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=956007
https://bugzilla.redhat.com/show_bug.cgi?id=956474
https://bugzilla.redhat.com/show_bug.cgi?id=958285
https://bugzilla.redhat.com/show_bug.cgi?id=960203
http://www.nessus.org/u?5199ec33

Solution :

Update the affected openstack-keystone package.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Fedora Local Security Checks

Nessus Plugin ID: 66531 ()

Bugtraq ID: 59411
59786
59787

CVE ID: CVE-2013-2006
CVE-2013-2030
CVE-2013-2059

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now