Ubuntu 12.10 / 13.04 / 13.10 : keystone vulnerability (USN-2034-1)
Low Nessus Plugin ID 71094
Synopsis
The remote Ubuntu host is missing a security-related patch.
Description
Brant Knudson discovered a logic error in the LDAP backend in Keystone where removing a role on a tenant for a user who does not have that role would instead add the role to the user. An authenticated user could use this to gain privileges. Ubuntu is not configured to use the LDAP Keystone backend by default.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected python-keystone package.