LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

keystone: privilege escalation

Package(s):keystone CVE #(s):CVE-2012-4413
Created:September 13, 2012 Updated:September 19, 2012
Description:

From the Ubuntu advisory:

Dolph Mathews discovered that when roles are granted and revoked to users in Keystone, pre-existing tokens were not updated or invalidated to take the new roles into account. An attacker could use this to continue to access resources that have been revoked.

Alerts:
Ubuntu USN-1564-1 2012-09-12
Fedora FEDORA-2012-13075 2012-10-03
Red Hat RHSA-2012:1378-01 2012-10-16
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds