Oracle Solaris Third-Party Patch Update : keystone (cve_2014_2828_authentication_issues)
High Nessus Plugin ID 80657
SynopsisThe remote Solaris system is missing a security patch for third-party software.
DescriptionThe remote Solaris system is missing necessary patches to address security updates :
- The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka 'authentication chaining.' (CVE-2014-2828)
SolutionUpgrade to Solaris 11.2.