CVE-2012-3426
Description
OpenStack Keystone token expiration issues
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-3426
Vendor advisory: secalert@redhat.com — https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz
Vendor advisory: secalert@redhat.com — http://www.openwall.com/lists/oss-security/2012/07/27/4
Vendor advisory: secalert@redhat.com — http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de
Vendor advisory: secalert@redhat.com — http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626
Vendor advisory: secalert@redhat.com — http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 2012.1.1-1 |
| debian | bullseye | fixed | 2012.1.1-1 |
| debian | forky | fixed | 2012.1.1-1 |
| debian | sid | fixed | 2012.1.1-1 |
| debian | trixie | fixed | 2012.1.1-1 |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| PyPI | keystone | <8.0.0a0 | 8.0.0a0 |
References
- http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa
- http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355
- http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626
- http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d
- http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454
- http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de
- http://secunia.com/advisories/50045
- http://secunia.com/advisories/50494
- http://www.openwall.com/lists/oss-security/2012/07/27/4
- http://www.ubuntu.com/usn/USN-1552-1
- https://bugs.launchpad.net/keystone/+bug/996595
- https://bugs.launchpad.net/keystone/+bug/997194
- https://bugs.launchpad.net/keystone/+bug/998185
- https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz
- https://nvd.nist.gov/vuln/detail/CVE-2012-3426
- https://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355
- https://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626
- https://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d
- https://github.com/openstack/keystone
- https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-34.yaml
- https://security-tracker.debian.org/tracker/CVE-2012-3426
CWEs
CWE-264
Verify integrity in audit chain (admin only). AS-IS.