Bug 1004452 (CVE-2013-4294)

Summary: CVE-2013-4294 OpenStack: Keystone Token revocation failure using Keystone memcache/KVS backends
Product: [Other] Security Response Reporter: Kurt Seifried <kseifried>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: abaron, aortega, apevec, ayoung, chrisw, dallan, gkotton, hateya, jrusnack, lhh, markmc, osoukup, rbryant, sclewis, security-response-team, yeylon
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-09-25 17:59:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1004461, 1004462, 1004463    
Bug Blocks: 1004460    
Attachments:
Description Flags
CVE-2013-4294-folsom.patch
none
CVE-2013-4294-grizzly.patch none

Description Kurt Seifried 2013-09-04 16:24:39 UTC 
Thierry Carrez reports:

Title: Token revocation failure using Keystone memcache/KVS backends
Reporter: Kieran Spear (University of Melbourne)
Products: Keystone
Affects: Folsom, Grizzly

Description:
Kieran Spear from the University of Melbourne reported a vulnerability
in Keystone memcache and KVS token backends. The PKI token revocation
lists stored the entire token instead of the token ID, triggering
comparison failures, ultimately resulting in revoked PKI tokens still
being considered valid. Only Folsom and Grizzly Keystone setups making
use of PKI tokens with the memcache or KVS token backends are affected.
Havana setups, setups using UUID tokens, or setups using PKI tokens with
the SQL token backend are all unaffected.
Comment 1 Kurt Seifried 2013-09-04 16:26:37 UTC 
Created attachment 793753 [details]
CVE-2013-4294-folsom.patch
Comment 2 Kurt Seifried 2013-09-04 16:27:52 UTC 
Created attachment 793754 [details]
CVE-2013-4294-grizzly.patch
Comment 5 Vincent Danen 2013-09-11 15:52:51 UTC 
This is now public:

http://www.openwall.com/lists/oss-security/2013/09/11/5
Comment 6 Alan Pevec 2013-09-12 22:49:14 UTC 
> This is now public:

Please create [fedora-all] clone.
Comment 8 errata-xmlrpc 2013-09-25 16:18:44 UTC 
This issue has been addressed in following products:

  OpenStack 3 for RHEL 6

Via RHSA-2013:1285 https://rhn.redhat.com/errata/RHSA-2013-1285.html