PT-2012-5994 · Amazon+1 · Amazon Ec2+1

Kurt Seifried · Published 2012-12-26 · Updated 2017-08-29 · CVE-2012-5483

CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: OpenStack Keystone version 2012.1.3

Description: The issue allows local users to obtain access to EC2 services by reading administrative access and secret values from the /etc/keystone/ec2rc file due to its world-readable permissions when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured.

Recommendations: For OpenStack Keystone version 2012.1.3, consider changing the permissions of the /etc/keystone/ec2rc file to restrict read access to authorized users only, until a patch is available.
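
A check for the condition described above, as an added example that is not part of the original advisory or of OpenStack's code: it tests whether the file is readable by other users and, on request, removes that access. The function names and the `EC2RC` override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not OpenStack code). Function names are hypothetical.
EC2RC="${EC2RC:-/etc/keystone/ec2rc}"   # path named in the advisory

# True (0) when the path is a regular file readable by "other".
is_world_readable() {
    [ -n "$(find "$1" -prune -type f -perm -004 2>/dev/null)" ]
}

# Report the state of one file: 0 = restricted, 1 = world-readable, 2 = missing.
audit_secret_file() {
    if [ ! -f "$1" ]; then
        echo "SKIP  $1 (not present)"
        return 2
    fi
    if is_world_readable "$1"; then
        echo "FAIL  $1 is world-readable: $(ls -l "$1")"
        return 1
    fi
    echo "OK    $1 is not readable by other users"
    return 0
}

# Remove all access for "other" while leaving owner and group bits untouched,
# so the account the service runs as keeps whatever access it already had.
restrict_secret_file() {
    chmod o-rwx "$1" && ! is_world_readable "$1"
}

# Non-destructive by default: only audit. Call restrict_secret_file to fix.
if [ -f "$EC2RC" ]; then
    audit_secret_file "$EC2RC" || true
fi
```

Run as-is it only reports; `restrict_secret_file /etc/keystone/ec2rc` applies the change and needs to be run by the file's owner or root.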

Fix

Weakness Enumeration

Related Identifiers

CVE-2012-5483
RHSA-2012:1556

Affected Products

Amazon Ec2
Openstack Keystone