Package: python-keystoneclient Version: 1:0.6.0-2 Severity: important Tags: security
Title: Potential context confusion in Keystone middleware Reporter: Kieran Spear (University of Melbourne) Products: python-keystoneclient Versions: All versions up to 0.6.0 Description: Kieran Spear from the University of Melbourne reported a vulnerability in Keystone auth_token middleware (shipped in python-keystoneclient). By doing repeated requests, with sufficient load on the target system, an authenticated user may in certain situations assume another authenticated user's complete identity and multi-tenant authorizations, potentially resulting in a privilege escalation. Note that it is related to a bad interaction between eventlet and python-memcached that should be avoided if the calling process already monkey-patches "thread" to use eventlet. Only keystone middleware setups using auth_token with memcache are vulnerable. Proposed patch: See attached patch. This patch has already been merged to the master branch of python-keystoneclient and will be included in the 0.7.0 release. Note from the maintainer: I have the package ready, and will upload it as soon as I have the ACK form the bug tracker. _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
