Package: python-keystoneclient Version: 1:0.6.0-2 Severity: important Tags: security
Title: Potential context confusion in Keystone middleware Reporter: Kieran Spear (University of Melbourne) Products: python-keystoneclient Versions: All versions up to 0.6.0 Description: Kieran Spear from the University of Melbourne reported a vulnerability in Keystone auth_token middleware (shipped in python-keystoneclient). By doing repeated requests, with sufficient load on the target system, an authenticated user may in certain situations assume another authenticated user's complete identity and multi-tenant authorizations, potentially resulting in a privilege escalation. Note that it is related to a bad interaction between eventlet and python-memcached that should be avoided if the calling process already monkey-patches "thread" to use eventlet. Only keystone middleware setups using auth_token with memcache are vulnerable. Proposed patch: See attached patch. This patch has already been merged to the master branch of python-keystoneclient and will be included in the 0.7.0 release. Note from the maintainer: I have the package ready, and will upload it as soon as I have the ACK form the bug tracker. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
