Bug 819349 - VUL-1: openstack-nova: CVE-2013-2030: Nova uses insecure keystone middleware tmpdir by default
VUL-1: openstack-nova: CVE-2013-2030: Nova uses insecure keystone middleware ...
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P4 - Low : Minor
: ---
Assigned To: Security Team bot
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2013-05-10 13:45 UTC by Alexander Bergmann
Modified: 2013-07-05 14:30 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2013-05-10 13:45:11 UTC
Public via oss-security:

Date: Thu, 09 May 2013 17:15:44 +0200
From: Thierry Carrez
Subject: [oss-security] [OSSA 2013-010] Nova uses insecure keystone middleware tmpdir by default (CVE-2013-2030)

OpenStack Security Advisory: 2013-010
CVE: CVE-2013-2030
Date: May 9, 2013
Title: Nova uses insecure keystone middleware tmpdir by default
Reporter: Grant Murphy (Red Hat), Anton Lundin
Products: Nova
Affects: Folsom, Grizzly

Grant Murphy from Red Hat and Anton Lundin both independently reported a
vulnerability in Nova's default location for the Keystone middleware
signing directory (signing_dir). By previously setting up a malicious
directory structure, an attacker with local shell access on the Nova
node could potentially issue forged tokens that would be accepted by the
middleware. Only setups that use the default value for signing_dir are
affected. Note that future versions of the Keystone middleware will
issue a warning if an insecure signing directory is used.

Havana (development branch) fix:

Grizzly fix:

Folsom fix:

Comment 1 Swamp Workflow Management 2013-05-10 22:00:22 UTC
bugbot adjusting priority
Comment 2 Vincent Untz 2013-06-10 09:18:43 UTC
Only affects Folsom and later, so openSUSE 12.3.
Comment 3 Vincent Untz 2013-06-17 02:26:17 UTC
Submitted: sr#179255.
Comment 4 Swamp Workflow Management 2013-06-27 05:04:20 UTC
openSUSE-SU-2013:1087-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 819349
CVE References: CVE-2013-2030
Sources used:
openSUSE 12.3 (src):    openstack-nova-2012.2.4+git.1363297910.9561484-2.10.1, openstack-nova-doc-2012.2.4+git.1363297910.9561484-2.10.4, python-greenlet-0.4.0-3.3.1
Comment 5 Marcus Meissner 2013-07-05 14:30:33 UTC