Bug 1104524 (CVE-2014-3476)
Summary: CVE-2014-3476 openstack-keystone: privilege escalation through trust chained delegation

Product: [Other] Security Response
Reporter: Garth Mollett <gmollett>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: high
Priority: high
Version: unspecified
CC: abaron, aortega, apevec, ayoung, chrisw, gkotton, gmollett, lhh, markmc, nkinder, rbryant, sclewis, security-response-team, yeylon
Target Milestone: ---
Target Release: ---
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Doc Text:
A flaw was found in keystone's chained delegation. A trustee able to create a delegation from a trust or an OAuth token could misuse identity impersonation to bypass the enforced scope, possibly allowing them to obtain elevated privileges to the trustor's projects and roles.
Story Points: ---
Last Closed: 2014-08-01 05:43:56 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---
Bug Depends On: 1104538, 1104539, 1104576, 1104577, 1108964, 1108965, 1108967
Bug Blocks: 1104532
Description

Garth Mollett 2014-06-04 07:58:17 UTC

Acknowledgements: This issue was discovered by Steven Hardy of Red Hat.

Created attachment 904902 [details]
CVE-2014-3476 patch for stable/havana

Created attachment 904920 [details]
CVE-2014-3476 patch for stable/icehouse

Created attachment 904933 [details]
CVE-2014-3476 patch for master (juno)

(In reply to Vincent Danen from comment #5)
> Created attachment 904902 [details]
> CVE-2014-3476 patch for stable/havana

There has been a minor change in the posted Havana review (unit tests only):
https://review.openstack.org/#/c/99703/1..2/keystone/tests/test_v3_auth.py,unified

This is now public:
http://lists.openstack.org/pipermail/openstack-announce/2014-June/000240.html

Please create a Fedora clone.

Created openstack-keystone tracking bugs for this issue:

Affects: fedora-all [bug 1108964]
Affects: epel-6 [bug 1108965]

IssueDescription:
A flaw was found in keystone's chained delegation. A trustee able to create a delegation from a trust or an OAuth token could misuse identity impersonation to bypass the enforced scope, possibly allowing them to obtain elevated privileges to the trustor's projects and roles.

This issue has been addressed in the following products:

OpenStack 3 for RHEL 6
OpenStack 4 for RHEL 6

Via RHSA-2014:0994 https://rhn.redhat.com/errata/RHSA-2014-0994.html

openstack-keystone-2013.2.3-5.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
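As an added illustration of the flaw class described in the Doc Text and IssueDescription above (this is a constructed model, not keystone's code and not the shipped patch): a trustee consumes an impersonating trust, then uses the resulting trust-scoped token to create a second trust. Because the service checks the new trust against the impersonated trustor's full role assignments rather than against the scope of the trust the token came from, the trustee reaches a project and role the first trust never granted. The hardened variant refuses to create a trust from a token that is itself trust- or OAuth-scoped; that refusal is this example's own assumption about one way to close the hole, and the service, user, project and role names are all constructed.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple


class Forbidden(Exception):
    """Raised when a delegation request falls outside the caller's scope."""


@dataclass(frozen=True)
class Trust:
    trust_id: str
    trustor: str               # user who delegates
    trustee: str               # user allowed to consume the trust
    project: str
    roles: FrozenSet[str]
    impersonation: bool        # if True, consuming yields a token as the trustor


@dataclass(frozen=True)
class Token:
    user: str                  # identity the token acts as
    project: str
    roles: FrozenSet[str]
    trust_id: Optional[str] = None        # set on trust-scoped tokens
    oauth_consumer: Optional[str] = None  # set on OAuth access tokens


class DelegationService:
    """Hypothetical trust service, constructed for this example."""

    def __init__(self, hardened: bool) -> None:
        self.hardened = hardened
        self.assignments: Dict[Tuple[str, str], FrozenSet[str]] = {}
        self.trusts: Dict[str, Trust] = {}
        self._seq = 0

    def grant(self, user: str, project: str, *roles: str) -> None:
        key = (user, project)
        self.assignments[key] = self.assignments.get(key, frozenset()) | frozenset(roles)

    def create_trust(self, token: Token, trustee: str, project: str,
                     roles, impersonation: bool) -> Trust:
        wanted = frozenset(roles)
        if self.hardened and (token.trust_id or token.oauth_consumer):
            # Assumed mitigation (not the shipped patch): a token that is itself
            # the product of a delegation may not delegate further, because its
            # scope is the trust's, not the impersonated user's.
            raise Forbidden("delegated tokens may not create trusts")
        # Vulnerable logic: the trustor is whoever the token claims to be. Under
        # impersonation that is the original trustor, so the role check consults
        # the trustor's full assignments instead of the consumed trust's scope.
        trustor = token.user
        held = self.assignments.get((trustor, project), frozenset())
        if not wanted <= held:
            raise Forbidden("trustor does not hold the requested roles")
        self._seq += 1
        trust = Trust(f"trust-{self._seq}", trustor, trustee, project, wanted, impersonation)
        self.trusts[trust.trust_id] = trust
        return trust

    def consume_trust(self, caller: str, trust_id: str) -> Token:
        trust = self.trusts[trust_id]
        if caller != trust.trustee:
            raise Forbidden("caller is not the trustee")
        acting_as = trust.trustor if trust.impersonation else trust.trustee
        return Token(acting_as, trust.project, trust.roles, trust_id=trust_id)


def chained_delegation(hardened: bool) -> Optional[FrozenSet[str]]:
    """Return the roles bob ends up holding on projB via the chain, or None
    if the second delegation is refused."""
    svc = DelegationService(hardened)
    svc.grant("alice", "projA", "admin", "member")
    svc.grant("alice", "projB", "admin")
    svc.grant("bob", "projA", "member")

    # With his own token bob cannot delegate alice's admin role on projB.
    bob_tok = Token("bob", "projA", frozenset({"member"}))
    try:
        svc.create_trust(bob_tok, "bob", "projB", ["admin"], impersonation=True)
        raise AssertionError("direct delegation should have been refused")
    except Forbidden:
        pass

    # alice delegates only member@projA to bob, with impersonation enabled.
    alice_tok = Token("alice", "projA", frozenset({"admin", "member"}))
    t1 = svc.create_trust(alice_tok, "bob", "projA", ["member"], impersonation=True)
    bob_as_alice = svc.consume_trust("bob", t1.trust_id)
    assert bob_as_alice.user == "alice" and bob_as_alice.roles == {"member"}

    # bob now uses the impersonating, trust-scoped token to delegate to himself
    # alice's admin role on projB, which t1 never granted.
    try:
        t2 = svc.create_trust(bob_as_alice, "bob", "projB", ["admin"], impersonation=True)
    except Forbidden:
        return None
    return svc.consume_trust("bob", t2.trust_id).roles


if __name__ == "__main__":
    print("vulnerable:", chained_delegation(hardened=False))
    print("hardened:  ", chained_delegation(hardened=True))
```

The point of the model is where the scope check looks: a trust-scoped token's effective authority is the consumed trust's project and roles, so any further delegation must be bounded by that, not by the assignments of the identity the token impersonates. Refusing redelegation from delegated tokens is the blunt version of that rule; a finer one would cap the new trust to a subset of the consumed trust's roles on the same project.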