Launchpad CVE tracker

CVE 2013-0247

OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid token requests that trigger excessive generation of log entries.

Related bugs and status

CVE-2013-0247 (Candidate) is related to these bugs:

Bug #1046905: Memcached Token Backend does not support list tokens

		In	Importance	Status
1046905	Memcached Token Backend does not support list tokens	OpenStack Identity (keystone)	Critical	Fix Released
1046905	Memcached Token Backend does not support list tokens	OpenStack Identity (keystone) essex	Critical	Fix Released
1046905	Memcached Token Backend does not support list tokens	keystone (Ubuntu)	Undecided	Fix Released
1046905	Memcached Token Backend does not support list tokens	keystone (Ubuntu Precise)	Undecided	Fix Released

Bug #1050025: Token invalidation in case of role grant/revoke should be limited to affected tenant

		In	Importance	Status
1050025	Token invalidation in case of role grant/revoke should be limited to affected tenant	OpenStack Identity (keystone)	Medium	Fix Released
1050025	Token invalidation in case of role grant/revoke should be limited to affected tenant	OpenStack Identity (keystone) essex	Medium	Fix Released
1050025	Token invalidation in case of role grant/revoke should be limited to affected tenant	keystone (Ubuntu)	Undecided	Fix Released
1050025	Token invalidation in case of role grant/revoke should be limited to affected tenant	keystone (Ubuntu Precise)	Undecided	Fix Released

Bug #1056373: memcache driver needs protection against unicode user keys

		In	Importance	Status
1056373	memcache driver needs protection against unicode user keys	OpenStack Identity (keystone)	Critical	Fix Released
1056373	memcache driver needs protection against unicode user keys	OpenStack Identity (keystone) essex	Critical	Fix Released
1056373	memcache driver needs protection against unicode user keys	keystone (Ubuntu)	Undecided	Fix Released
1056373	memcache driver needs protection against unicode user keys	keystone (Ubuntu Precise)	Undecided	Fix Released

Bug #1089488: Meta bug for tracking Openstack Stable Updates

		In	Importance	Status
1089488	Meta bug for tracking Openstack Stable Updates	nova (Ubuntu)	Undecided	Invalid
1089488	Meta bug for tracking Openstack Stable Updates	horizon (Ubuntu)	Undecided	Invalid
1089488	Meta bug for tracking Openstack Stable Updates	keystone (Ubuntu)	Undecided	Invalid
1089488	Meta bug for tracking Openstack Stable Updates	horizon (Ubuntu Precise)	Undecided	Fix Released
1089488	Meta bug for tracking Openstack Stable Updates	keystone (Ubuntu Precise)	Undecided	Fix Released
1089488	Meta bug for tracking Openstack Stable Updates	nova (Ubuntu Precise)	Undecided	Fix Released
1089488	Meta bug for tracking Openstack Stable Updates	glance (Ubuntu)	Undecided	Fix Released

Bug #1098307: [OSSA 2013-003] unauthenticated POST to /tokens can fill up disk/logs

		In	Importance	Status
1098307	[OSSA 2013-003] unauthenticated POST to /tokens can fill up disk/logs	OpenStack Identity (keystone)	High	Fix Released
1098307	[OSSA 2013-003] unauthenticated POST to /tokens can fill up disk/logs	OpenStack Identity (keystone) folsom	High	Fix Released
1098307	[OSSA 2013-003] unauthenticated POST to /tokens can fill up disk/logs	OpenStack Identity (keystone) essex	High	Fix Released
1098307	[OSSA 2013-003] unauthenticated POST to /tokens can fill up disk/logs	OpenStack Security Advisory	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-0247

References