Credit:
The information has been provided by Jason Xu.
Vulnerable Systems:
* OpenStack Keystone Red Hat Fedora 17
Successful exploits may allow authenticated attackers to bypass certain intended security restrictions and perform unauthorized actions which may aid in launching further attacks.
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected Fedora versions.
It was found that the Keystone administrative API was missing authentication for certain actions. Users able to access the Keystone administrative API could use this flaw to add, start, and stop services, as well as list the roles for any user. (CVE-2012-4456)
It was found that Keystone incorrectly handled disabled tenants. A user belonging to a disabled tenant could use this flaw to continue accessing resources as if the tenant were not disabled. (CVE-2012-4457)
CVE Information:
CVE-2012-4456
CVE-2012-4457
Disclosure Timeline:
Published: Sep 28 2012 12:00AM
Updated: Oct 17 2012 02:30P