keystone: privilege escalation

Package(s): keystone
CVE #(s): CVE-2012-4413
Created: September 13, 2012
Updated: September 19, 2012
Description:

From the Ubuntu advisory:

Dolph Mathews discovered that when roles are granted and revoked to users in Keystone, pre-existing tokens were not updated or invalidated to take the new roles into account. An attacker could use this to continue to access resources that have been revoked.

Alerts:
Ubuntu USN-1564-1 2012-09-12
Fedora FEDORA-2012-13075 2012-10-03
Red Hat RHSA-2012:1378-01 2012-10-16

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.