Vulnerability in keystone (CVE-2012-3426)
Summary
vulnerability in keystone (CVE-2012-3426). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `ea03d05ed5de0c015042876100d37a6a14bf56de, 628149b3dc6b58b91fd08e6ca8d91c728ccb8626, 375838cfceb88cacc312ff6564e64eb18ee6a355, d9600434da14976463a0bd03abd8e0309f0db454, 29e74e73a6e51cffc0371b32354558391826a4aa, a67b24878a6156eab17b9098fa649f0279256f5d` or later.
AI summary snake-internal / snake-material-v2
Response Actions (7 steps)
Concrete steps and command examples for SOC/SRE teams to execute in order
-
1Identify exposure identify
grep -r 'keystone' . | grep -v node_modulesリポジトリと本番環境の依存ファイル (package-lock.json / requirements.txt / go.sum / Gemfile.lock 等) で `keystone` を grep し、稼働しているサービス・バージョンを把握する。
-
6Apply patch patch
Upgrade keystone to ea03d05ed5de0c015042876100d37a6a14bf56de, 628149b3dc6b58b91fd08e6ca8d91c728ccb8626, 375838cfceb88cacc312ff6564e64eb18ee6a355, d9600434da14976463a0bd03abd8e0309f0db454, 29e74e73a6e51cffc0371b32354558391826a4aa, a67b24878a6156eab17b9098fa649f0279256f5dステージング環境で ea03d05ed5de0c015042876100d37a6a14bf56de, 628149b3dc6b58b91fd08e6ca8d91c728ccb8626, 375838cfceb88cacc312ff6564e64eb18ee6a355, d9600434da14976463a0bd03abd8e0309f0db454, 29e74e73a6e51cffc0371b32354558391826a4aa, a67b24878a6156eab17b9098fa649f0279256f5d に上げて回帰テスト → 本番反映。回帰テストはアプリの主要ハッピーパスと、Step 3 で見つけた異常検知の続報チェックを含めること。
-
7Post-deployment verification verify
Confirm patched version is live in productionパッチ適用後、ステージングで PoC または同等の悪用パターンを再現して脆弱性が閉じたことを確認。本番では Step 3 と同じログクエリでアラート再発が無いか継続監視。
Affected packages
References
- advisory http://www.ubuntu.com/usn/USN-1552-1
- advisory http://secunia.com/advisories/50045
- advisory http://secunia.com/advisories/50494
- advisory https://github.com/advisories/GHSA-xp97-6w7r-4cjc
- patch http://www.openwall.com/lists/oss-security/2012/07/27/4
- patch https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz
- patch http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de
- patch http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626
- patch http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355
- patch http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454
- patch http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa
- patch http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d
- web https://bugs.launchpad.net/keystone/+bug/998185
- web https://bugs.launchpad.net/keystone/+bug/997194
- web https://bugs.launchpad.net/keystone/+bug/996595