CVE-2013-2030

Currently unrated

Key Information:

Vendor: Openstack
Status: Compute; Grizzly; Havana; Folsom
Vendor: CVE Published:; 27 December 2013

Summary

keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora.

References

http://www.openwall.com/lists/oss-security/2013/05/09/2

mailing-listx_refsource_MLIST

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

http://lists.openstack.org/pipermail/openstack-announce/2...

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Dec 27, 2013
Vulnerability Reserved
Feb 19, 2013