PublicDateAtUSN: 2013-02-05 15:00:00 UTC
Candidate: CVE-2013-0247
CRD: 2013-02-05 15:00:00 UTC
PublicDate: 2013-02-24 19:55:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0247
 http://lists.openstack.org/pipermail/openstack-announce/2013-February/000074.html
 https://ubuntu.com/security/notices/USN-1715-1
Description:
 OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier,
 and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial
 of service (disk consumption) via many invalid token requests that trigger
 excessive generation of log entries.
Ubuntu-Description: 
Notes: 
 jdstrand> Keystone on 11.10 is a pre-release version and unusable with other
  components such as nova and horizon
 jdstrand> 2013.1~g2-0ubuntu1 is affected. Server team will provide this as
  part of their regular updates for Ubuntu 13.04 (deferring for now)
 jdstrand> reproducer in the bug
Bugs: 
 https://bugs.launchpad.net/keystone/+bug/1098307
Priority: medium
Discovered-by: Dan Prince
Assigned-to: jdstrand
CVSS: 

Patches_keystone:
upstream_keystone: needs-triage
hardy_keystone: DNE
lucid_keystone: DNE
oneiric_keystone: ignored
precise_keystone: released (2012.1+stable~20120824-a16a0ab9-0ubuntu2.4)
quantal_keystone: released (2012.2.1-0ubuntu1.1)
devel_keystone: not-affected (2013.1.g3-0ubuntu1)