[Secure-testing-team] Bug#742898: CVE-2014-0105: Potential context confusion in Keystone middleware
Thomas Goirand
zigo at debian.org
Fri Mar 28 18:32:16 UTC 2014
Package: python-keystoneclient
Version: 1:0.6.0-2
Severity: important
Tags: security
Title: Potential context confusion in Keystone middleware
Reporter: Kieran Spear (University of Melbourne)
Products: python-keystoneclient
Versions: All versions up to 0.6.0
Description:
Kieran Spear from the University of Melbourne reported a vulnerability
in Keystone auth_token middleware (shipped in python-keystoneclient). By
doing repeated requests, with sufficient load on the target system, an
authenticated user may in certain situations assume another
authenticated user's complete identity and multi-tenant authorizations,
potentially resulting in a privilege escalation. Note that it is related
to a bad interaction between eventlet and python-memcached that should
be avoided if the calling process already monkey-patches "thread" to use
eventlet. Only keystone middleware setups using auth_token with memcache
are vulnerable.
Proposed patch:
See attached patch. This patch has already been merged to the master
branch of python-keystoneclient and will be included in the 0.7.0 release.
Note from the maintainer: I have the package ready, and will upload it
as soon as I have the ACK from the bug tracker.
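
The context confusion described above, as an added illustration that is not part of the original report or the attached patch. It assumes the confusion arises because cache-client state kept per OS thread is shared by every green thread in that thread when "thread" is not monkey-patched. asyncio coroutines stand in for eventlet green threads, and Conn, PerThreadClient, Pool and the token values are constructed for the example. The pool is one common mitigation, not necessarily what the patch does.

```python
import asyncio
import collections
import threading

# Constructed model: Conn, PerThreadClient and Pool are hypothetical names,
# not keystoneclient or python-memcached code.
STORE = {"token-alice": "alice/admin", "token-bob": "bob/member"}  # constructed cache

class Conn:
    """Socket-like link: replies are queued in the order requests were written."""
    def __init__(self):
        self.replies = collections.deque()

    async def get(self, key, stall):
        self.replies.append(STORE[key])   # request written, reply now in flight
        for _ in range(stall):            # cooperative yields while "waiting on I/O"
            await asyncio.sleep(0)
        return self.replies.popleft()     # reads whatever reply is next on the wire

class PerThreadClient(threading.local):
    """State is per OS thread, so every coroutine in that thread shares one Conn."""
    def __init__(self):
        self.conn = Conn()

class Pool:
    """Mitigation: a caller holds a connection exclusively for the whole round trip."""
    def __init__(self, size):
        self.free = asyncio.Queue()
        for _ in range(size):
            self.free.put_nowait(Conn())

    async def get(self, key, stall):
        conn = await self.free.get()
        try:
            return await conn.get(key, stall)
        finally:
            self.free.put_nowait(conn)

def run(pooled):
    async def main():
        get = Pool(2).get if pooled else PerThreadClient().conn.get
        # alice's request stalls longer, as it might on a loaded host
        return await asyncio.gather(get("token-alice", 2), get("token-bob", 1))
    return asyncio.run(main())

if __name__ == "__main__":
    print("shared:", run(pooled=False))
    print("pooled:", run(pooled=True))
```

With the shared connection, each caller receives the other caller's cached identity; with exclusive checkout, each receives its own.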