CVE-2013-2030

Common Vulnerabilities and Exposures


Upstream information

CVE-2013-2030 at MITRE

Description

keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora.

NVD CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N)

SUSE information

SUSE Bugzilla entry: 819349

SUSE Security Advisories:

List of released packages

Product(s): openSUSE 12.3
Fixed package version(s):
  • openstack-nova >= 2012.2.4+git.1363297910.9561484-2.10.1
  • openstack-nova-api >= 2012.2.4+git.1363297910.9561484-2.10.1
  • openstack-nova-cert >= 2012.2.4+git.1363297910.9561484-2.10.1
  • openstack-nova-compute >= 2012.2.4+git.1363297910.9561484-2.10.1
  • openstack-nova-doc >= 2012.2.4+git.1363297910.9561484-2.10.4
  • openstack-nova-network >= 2012.2.4+git.1363297910.9561484-2.10.1
  • openstack-nova-novncproxy >= 2012.2.4+git.1363297910.9561484-2.10.1
  • openstack-nova-objectstore >= 2012.2.4+git.1363297910.9561484-2.10.1
  • openstack-nova-scheduler >= 2012.2.4+git.1363297910.9561484-2.10.1
  • openstack-nova-test >= 2012.2.4+git.1363297910.9561484-2.10.1
  • openstack-nova-vncproxy >= 2012.2.4+git.1363297910.9561484-2.10.1
  • openstack-nova-volume >= 2012.2.4+git.1363297910.9561484-2.10.1
  • python-greenlet >= 0.4.0-3.3.1
  • python-greenlet-debuginfo >= 0.4.0-3.3.1
  • python-greenlet-debugsource >= 0.4.0-3.3.1
  • python-greenlet-devel >= 0.4.0-3.3.1
  • python-nova >= 2012.2.4+git.1363297910.9561484-2.10.1
References:
  Patchnames: openSUSE-2013-539