Test ID:	1.3.6.1.4.1.25623.1.0.841370
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-1772-1)
Summary:	The remote host is missing an update for the 'keystone' package(s) announced via the USN-1772-1 advisory.
Description:	Summary: The remote host is missing an update for the 'keystone' package(s) announced via the USN-1772-1 advisory. Vulnerability Insight: Guang Yee discovered that Keystone would not always perform all verification checks when configured to use PKI. If the keystone server was configured to use PKI and services or users requested online verification, an attacker could potentially exploit this to bypass revocation checks. Keystone uses UUID tokens by default in Ubuntu. Affected Software/OS: 'keystone' package(s) on Ubuntu 12.10. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1865 52657 http://secunia.com/advisories/52657 58616 http://www.securityfocus.com/bid/58616 91532 http://osvdb.org/91532 FEDORA-2013-4590 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101719.html RHSA-2013:0708 http://rhn.redhat.com/errata/RHSA-2013-0708.html USN-1772-1 http://www.ubuntu.com/usn/USN-1772-1 [oss-security] 20130320 [OSSA 2013-009] Keystone PKI tokens online validation bypasses revocation check (CVE-2013-1865) http://www.openwall.com/lists/oss-security/2013/03/20/13 https://bugs.launchpad.net/keystone/+bug/1129713 https://review.openstack.org/#/c/24906/ openSUSE-SU-2013:0565 http://lists.opensuse.org/opensuse-updates/2013-04/msg00000.html
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.