CVE-2013-2157

Publication date 13 June 2013

Last updated 24 July 2024


Ubuntu priority

OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.


Status

Package    Ubuntu Release       Status
keystone   13.04 raring         Fixed 1:2013.1.1-0ubuntu2.1
keystone   12.10 quantal        Fixed 2012.2.4-0ubuntu3.1
keystone   12.04 LTS precise    Not affected
keystone   10.04 LTS lucid      Not in release

Notes


seth-arnold

patches in Message-ID: <51B1A6BC.9050307@openstack.org>


jdstrand

12.04 LTS does not have 0d32a417c811ce37b1b7ea1fbbc0a8376b9b3723, which is required to be exposed to this bug (i.e. anonymous binds fail without it). If 0d32a417c811ce37b1b7ea1fbbc0a8376b9b3723 is applied then the patch for folsom will work with some light modifications.

References

Related Ubuntu Security Notices (USN)

    • USN-1875-1: OpenStack Keystone vulnerabilities (14 June 2013)

Other references