PublicDateAtUSN: 2013-09-23
Candidate: CVE-2013-4294
PublicDate: 2013-09-23 20:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4294
 https://ubuntu.com/security/notices/USN-2002-1
Description:
 The (1) mamcache and (2) KVS token backends in OpenStack Identity
 (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly
 compare the PKI token revocation list with PKI tokens, which allow remote
 attackers to bypass intended access restrictions via a revoked PKI token.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/keystone/+bug/1202952
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722505
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_keystone:
 upstream: https://review.openstack.org/#/c/46080/ (grizzly)
 upstream: https://review.openstack.org/#/c/46079/ (folsom)
upstream_keystone: released (1:2013.2~rc4)
lucid_keystone: DNE
precise_keystone: not-affected (code-not-present)
quantal_keystone: released (2012.2.4-0ubuntu3.2)
raring_keystone: released (1:2013.1.3-0ubuntu1.1)
saucy_keystone: not-affected (1:2013.2~rc4-0ubuntu1)
devel_keystone: not-affected (1:2013.2~rc4-0ubuntu1)