Lucene search
RootSSV:60850HistoryJun 25, 2013 - 12:00 a.m.
OpenStack python-keystoneclient 安全绕过漏洞(CVE-2013-2167)
2013-06-2500:00:00
Root
www.seebug.org
12
0.01 Low
EPSS
Percentile
83.5%
Bugtraq ID:60680
CVE ID:CVE-2013-2167
OpenStack是由Rackspace和NASA共同开发的云计算平台,帮助服务商和企业内部实现类似于Amazon EC2和S3的云基础架构。
OpenStack python-keystoneclient客户端中间件memcache加密实现存在安全漏洞,允许可直接对memcache后端(或在中间人位置)进行写访问的攻击者注入恶意数据来绕过签名安全策略。
在Keystone中间件(指定memcache_servers)中使用memcache缓存和使用ENCRYPT或MAC作为它们的memcache_security_strategy的系统受此漏洞影响。
0
python-keystoneclient 0.2.3 - 0.2.5
厂商解决方案
用户可参考如下厂商提供的安全公告获得补丁信息:
https://bugs.launchpad.net/python-keystoneclient/+bug/1175368
Related
veracode
veracode
Encryption And Signing Bypass
2019-05-02 04:45:53
osv
osv
PYSEC-2019-161
2019-12-10 15:15:00
Insufficient Verification of Data Authenticity in python-keystoneclient
2020-03-10 20:39:05
cvelist
cvelist
CVE-2013-2167
2019-12-10 14:22:03
prion
prion
Security feature bypass
2019-12-10 15:15:00
debiancve
debiancve
CVE-2013-2167
2019-12-10 15:15:11
nvd
nvd
CVE-2013-2167
2019-12-10 15:15:11
cve
cve
CVE-2013-2167
2019-12-10 15:15:11
github
github
Insufficient Verification of Data Authenticity in python-keystoneclient
2020-03-10 20:39:05
redhat
redhat
ubuntucve
ubuntucve
CVE-2013-2166
2019-12-10 00:00:00
CVE-2013-2167
2019-12-10 00:00:00
nessus
nessus
Fedora 19 : python-keystoneclient-0.2.3-7.fc19 (2013-14302)
2013-08-15 00:00:00
openvas
openvas
Fedora Update for python-keystoneclient FEDORA-2013-14302
2013-08-20 00:00:00
Fedora Update for python-keystoneclient FEDORA-2013-14302
2013-08-20 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: python-keystoneclient-0.2.3-7.fc19
2013-08-15 02:35:03