Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5483

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2012-5483
Last Modified 11 Jan 2013 12:00:00
Published 26 Dec 2012 05:55:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2012-5483

Summary

tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and secret values from this file.

Vulnerable Systems

Application

  • Openstack Keystone 2012.1.3


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=873447

XF - keystone-secret-key-info-disc(80612)

BID - 56888

REDHAT - RHSA-2012:1556

FEDORA - FEDORA-2012-19341


Last Updated: 27 May 2016 11:01:30