CVE-2014-5251 - OpenCVE

The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Canonical	Ubuntu Linux
Openstack	Keystone

Configuration 1 [-]

OR	cpe:2.3:a:openstack:keystone:2014.1:::::::*
	cpe:2.3:a:openstack:keystone:2014.1.2:::::::*
	cpe:2.3:a:openstack:keystone:juno-1:::::::*
	cpe:2.3:a:openstack:keystone:juno-2:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2014-1121.html
http://rhn.redhat.com/errata/RHSA-2014-1122.html
http://www.openwall.com/lists/oss-security/2014/08/15/6
http://www.ubuntu.com/usn/USN-2324-1
https://bugs.launchpad.net/keystone/+bug/1347961

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2014-08-25T14:00:00

Updated: 2014-10-06T12:57:01

Reserved: 2014-08-15T00:00:00

Link: CVE-2014-5251

JSON object: View

NVD Information

Status : Modified

Published: 2014-08-25T14:55:07.033

Modified: 2014-10-10T05:23:50.467

Link: CVE-2014-5251

JSON object: View

Redhat Information

No data.

CWE

CWE-255

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-07-23T00:00:00", "descriptions": [{"lang": "en", "value": "The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-10-06T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "RHSA-2014:1121", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1121.html"}, {"name": "RHSA-2014:1122", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1122.html"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.launchpad.net/keystone/+bug/1347961"}, {"name": "USN-2324-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2324-1"}, {"name": "[oss-security] 20140815 [OSSA 2014-026] Multiple vulnerabilities in Keystone revocation events (CVE-2014-5251, CVE-2014-5252, CVE-2014-5253)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/08/15/6"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5251", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2014:1121", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1121.html"}, {"name": "RHSA-2014:1122", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1122.html"}, {"name": "https://bugs.launchpad.net/keystone/+bug/1347961", "refsource": "MISC", "url": "https://bugs.launchpad.net/keystone/+bug/1347961"}, {"name": "USN-2324-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2324-1"}, {"name": "[oss-security] 20140815 [OSSA 2014-026] Multiple vulnerabilities in Keystone revocation events (CVE-2014-5251, CVE-2014-5252, CVE-2014-5253)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/08/15/6"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-5251", "datePublished": "2014-08-25T14:00:00", "dateReserved": "2014-08-15T00:00:00", "dateUpdated": "2014-10-06T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*", "matchCriteriaId": "D1D0FFC2-E748-4611-AB1A-EAF6F49F4212", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "10944579-0B9C-4493-86E0-F537EA97DA1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*", "matchCriteriaId": "1776BC45-43E1-4EE3-B444-4DAA8D514B2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*", "matchCriteriaId": "7C7DB928-BC40-452F-8BB1-E06D438ACBD5", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token."}, {"lang": "es", "value": "El controlador de los tokens MySQL en OpenStack Identity (Keystone) 2014.1.x anterior a 2014.1.2.1 y Juno anterior a Juno-3 almacena las marcas del tiempo (timestamps) con la precisi\u00f3n incorrecta, lo que causa que falle la comparaci\u00f3n de la caducidad para los tokens y permite a usuarios remotos autenticados conservar el acceso a trav\u00e9s de un token caducado."}], "id": "CVE-2014-5251", "lastModified": "2014-10-10T05:23:50.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-08-25T14:55:07.033", "references": [{"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2014-1121.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2014-1122.html"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/08/15/6"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2324-1"}, {"source": "cve@mitre.org", "url": "https://bugs.launchpad.net/keystone/+bug/1347961"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}