Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2013-2157

Published: 13 June 2013

OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.

Notes

AuthorNote
seth-arnold 
patches in Message-ID: <51B1A6BC.9050307@openstack.org>
jdstrand 
12.04 LTS does not have 0d32a417c811ce37b1b7ea1fbbc0a8376b9b3723
which is required to be exposed to this bug (ie anonymous binds fail without
it)
If 0d32a417c811ce37b1b7ea1fbbc0a8376b9b3723 is applied then the
patch for folsom will work with some light modifications.

Priority

Medium

Status

Package Release Status
keystone
Launchpad, Ubuntu, Debian 		lucid Does not exist

precise Not vulnerable

quantal
Released (2012.2.4-0ubuntu3.1)
raring
Released (1:2013.1.1-0ubuntu2.1)
upstream
Released (1:2013.2~rc4)
Patches:
upstream: https://review.openstack.org/gitweb?p=openstack%2Fkeystone.git;a=commitdiff;h=35eb7bbc0d28721122c25a64ab687af23ecf6000
upstream: https://review.openstack.org/gitweb?p=openstack%2Fkeystone.git;a=commitdiff;h=c100fd2f1fe024cb2f731bfdd283cee36259e6e3

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading