CVE-2012-2681 - Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses p

CVE-2012-2681

Summary

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key.

References

Vulnerable Configurations

cpe:2.3:a:trevor_mckay:cumin:0.1.4494-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.4494-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.4794-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.4794-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.4916-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.4916-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5098-2:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5098-2:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.3160-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.3160-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.4369-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.4369-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.4410-2:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.4410-2:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5033-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5033-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5037-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5037-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5054-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5054-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5068-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5068-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5092-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5092-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5105-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5105-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5137-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5137-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5137-2:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5137-2:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5137-3:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5137-3:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5137-4:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5137-4:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5137-5:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5137-5:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5192-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5192-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5192-4:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5192-4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*

CVSS

Base:	5.8 (as of 29-08-2017 - 01:31)
Impact:
Exploitability:

CWE

CWE-310

CAPEC

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:N

redhat via4

advisories

rhsa
id RHSA-2012:1278
rhsa
id RHSA-2012:1281

rpms

condor-0:7.6.5-0.22.el5
condor-aviary-0:7.6.5-0.22.el5
condor-classads-0:7.6.5-0.22.el5
condor-debuginfo-0:7.6.5-0.22.el5
condor-kbdd-0:7.6.5-0.22.el5
condor-qmf-0:7.6.5-0.22.el5
condor-vm-gahp-0:7.6.5-0.22.el5
condor-wallaby-base-db-0:1.23-1.el5
condor-wallaby-client-0:4.1.3-1.el5
condor-wallaby-tools-0:4.1.3-1.el5
cumin-0:0.1.5444-3.el5
python-wallaby-0:0.12.5-10.el5
python-wallabyclient-0:4.1.3-1.el5
ruby-wallaby-0:0.12.5-10.el5
sesame-0:1.0-4.el5
sesame-debuginfo-0:1.0-4.el5
wallaby-0:0.12.5-10.el5
wallaby-utils-0:0.12.5-10.el5
condor-0:7.6.5-0.22.el6
condor-aviary-0:7.6.5-0.22.el6
condor-classads-0:7.6.5-0.22.el6
condor-cluster-resource-agent-0:7.6.5-0.22.el6
condor-debuginfo-0:7.6.5-0.22.el6
condor-deltacloud-gahp-0:7.6.5-0.22.el6
condor-kbdd-0:7.6.5-0.22.el6
condor-plumage-0:7.6.5-0.22.el6
condor-qmf-0:7.6.5-0.22.el6
condor-vm-gahp-0:7.6.5-0.22.el6
condor-wallaby-base-db-0:1.23-1.el6
condor-wallaby-client-0:4.1.3-1.el6
condor-wallaby-tools-0:4.1.3-1.el6
cumin-0:0.1.5444-3.el6
deltacloud-core-0:0.5.0-10.el6_2
deltacloud-core-doc-0:0.5.0-10.el6_2
deltacloud-core-rhevm-0:0.5.0-10.el6_2
libdeltacloud-0:0.9-1.el6
libdeltacloud-debuginfo-0:0.9-1.el6
libdeltacloud-devel-0:0.9-1.el6
python-wallaby-0:0.12.5-10.el6
python-wallabyclient-0:4.1.3-1.el6
ruby-hpricot-0:0.8.4-2.el6
ruby-json-0:1.4.6-10.el6
ruby-nokogiri-0:1.5.0-0.8.beta4.el6
ruby-wallaby-0:0.12.5-10.el6
rubygem-daemons-0:1.1.4-2.el6
rubygem-eventmachine-0:0.12.10-7.el6
rubygem-eventmachine-debuginfo-0:0.12.10-7.el6
rubygem-fssm-0:0.2.7-1.el6
rubygem-haml-0:3.1.2-2.el6
rubygem-hpricot-0:0.8.4-2.el6
rubygem-hpricot-debuginfo-0:0.8.4-2.el6
rubygem-hpricot-doc-0:0.8.4-2.el6
rubygem-json-0:1.4.6-10.el6
rubygem-json-debuginfo-0:1.4.6-10.el6
rubygem-maruku-0:0.6.0-4.el6
rubygem-mime-types-0:1.16-4.el6_0
rubygem-mime-types-doc-0:1.16-4.el6_0
rubygem-mocha-0:0.9.7-4.el6
rubygem-net-ssh-0:2.0.23-6.el6_0
rubygem-net-ssh-doc-0:2.0.23-6.el6_0
rubygem-nokogiri-0:1.5.0-0.8.beta4.el6
rubygem-nokogiri-debuginfo-0:1.5.0-0.8.beta4.el6
rubygem-nokogiri-doc-0:1.5.0-0.8.beta4.el6
rubygem-rack-1:1.3.0-2.el6
rubygem-rack-accept-0:0.4.3-6.el6_0
rubygem-rack-accept-doc-0:0.4.3-6.el6_0
rubygem-rack-test-0:0.6.1-1.el6
rubygem-rake-0:0.8.7-2.1.el6
rubygem-rest-client-0:1.6.1-2.el6_0
rubygem-sass-0:3.1.4-4.el6
rubygem-sass-doc-0:3.1.4-4.el6
rubygem-sinatra-1:1.2.6-2.el6
rubygem-syntax-0:1.0.0-4.el6
rubygem-thin-0:1.2.11-3.el6
rubygem-thin-debuginfo-0:1.2.11-3.el6
rubygem-thin-doc-0:1.2.11-3.el6
rubygem-tilt-0:1.3.2-3.el6
rubygem-tilt-doc-0:1.3.2-3.el6
rubygem-yard-0:0.7.2-1.el6
rubygems-0:1.8.16-1.el6
sesame-0:1.0-6.el6
sesame-debuginfo-0:1.0-6.el6
wallaby-0:0.12.5-10.el6
wallaby-utils-0:0.12.5-10.el6

refmap via4

bid	55618
misc	http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=827558
secunia	50660
xf	cumin-redhat-weak-security(78771)

Last major update

29-08-2017 - 01:31

Published

28-09-2012 - 17:55

Last modified

29-08-2017 - 01:31