Test ID:	1.3.6.1.4.1.25623.1.0.841606
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-2002-1)
Summary:	The remote host is missing an update for the 'keystone' package(s) announced via the USN-2002-1 advisory.
Description:	Summary: The remote host is missing an update for the 'keystone' package(s) announced via the USN-2002-1 advisory. Vulnerability Insight: Chmouel Boudjnah discovered that Keystone did not properly invalidate user tokens when a tenant was disabled which allowed an authenticated user to retain access via the token. (CVE-2013-4222) Kieran Spear discovered that Keystone did not properly verify PKI tokens when performing revocation when using the memcache and KVS backends. An authenticated attacker could exploit this to bypass intended access restrictions. (CVE-2013-4294) Affected Software/OS: 'keystone' package(s) on Ubuntu 12.10, Ubuntu 13.04. Solution: Please install the updated package(s). CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4222 FEDORA-2013-16551 http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116489.html RHSA-2013:1524 http://rhn.redhat.com/errata/RHSA-2013-1524.html USN-2002-1 http://www.ubuntu.com/usn/USN-2002-1 https://bugs.launchpad.net/ossn/+bug/1179955 Common Vulnerability Exposure (CVE) ID: CVE-2013-4294 54706 http://secunia.com/advisories/54706 97237 http://osvdb.org/97237 RHSA-2013:1285 http://rhn.redhat.com/errata/RHSA-2013-1285.html [oss-security] 20130911 [OSSA 2013-025] Token revocation failure using Keystone memcache/KVS backends (CVE-2013-4294) http://seclists.org/oss-sec/2013/q3/586 https://bugs.launchpad.net/keystone/+bug/1202952
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.