CVE-2010-4568

Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before 3.2.10; 3.4.x before 3.4.10; 3.6.x before 3.6.4; and 4.0.x before 4.0rc2 does not properly generate random values for cookies and tokens, which allows remote attackers to obtain access to arbitrary accounts via unspecified vectors, related to an insufficient number of calls to the srand function.

Affected Software

Name	Vendor	Start Version	End Version
Bugzilla	Mozilla	2.14 (including)	2.14 (including)
Bugzilla	Mozilla	2.14.1 (including)	2.14.1 (including)
Bugzilla	Mozilla	2.14.2 (including)	2.14.2 (including)
Bugzilla	Mozilla	2.14.3 (including)	2.14.3 (including)
Bugzilla	Mozilla	2.14.4 (including)	2.14.4 (including)
Bugzilla	Mozilla	2.14.5 (including)	2.14.5 (including)
Bugzilla	Mozilla	2.16 (including)	2.16 (including)
Bugzilla	Mozilla	2.16-rc1 (including)	2.16-rc1 (including)
Bugzilla	Mozilla	2.16-rc2 (including)	2.16-rc2 (including)
Bugzilla	Mozilla	2.16.1 (including)	2.16.1 (including)
Bugzilla	Mozilla	2.16.2 (including)	2.16.2 (including)
Bugzilla	Mozilla	2.16.3 (including)	2.16.3 (including)
Bugzilla	Mozilla	2.16.4 (including)	2.16.4 (including)
Bugzilla	Mozilla	2.16.5 (including)	2.16.5 (including)
Bugzilla	Mozilla	2.16.6 (including)	2.16.6 (including)
Bugzilla	Mozilla	2.16.7 (including)	2.16.7 (including)
Bugzilla	Mozilla	2.16.8 (including)	2.16.8 (including)
Bugzilla	Mozilla	2.16.9 (including)	2.16.9 (including)
Bugzilla	Mozilla	2.16.10 (including)	2.16.10 (including)
Bugzilla	Mozilla	2.16.11 (including)	2.16.11 (including)
Bugzilla	Mozilla	2.17 (including)	2.17 (including)
Bugzilla	Mozilla	2.17.1 (including)	2.17.1 (including)
Bugzilla	Mozilla	2.17.3 (including)	2.17.3 (including)
Bugzilla	Mozilla	2.17.4 (including)	2.17.4 (including)
Bugzilla	Mozilla	2.17.5 (including)	2.17.5 (including)
Bugzilla	Mozilla	2.17.6 (including)	2.17.6 (including)
Bugzilla	Mozilla	2.17.7 (including)	2.17.7 (including)
Bugzilla	Mozilla	2.18 (including)	2.18 (including)
Bugzilla	Mozilla	2.18-rc1 (including)	2.18-rc1 (including)
Bugzilla	Mozilla	2.18-rc2 (including)	2.18-rc2 (including)
Bugzilla	Mozilla	2.18-rc3 (including)	2.18-rc3 (including)
Bugzilla	Mozilla	2.18.1 (including)	2.18.1 (including)
Bugzilla	Mozilla	2.18.2 (including)	2.18.2 (including)
Bugzilla	Mozilla	2.18.3 (including)	2.18.3 (including)
Bugzilla	Mozilla	2.18.4 (including)	2.18.4 (including)
Bugzilla	Mozilla	2.18.5 (including)	2.18.5 (including)
Bugzilla	Mozilla	2.18.6 (including)	2.18.6 (including)
Bugzilla	Mozilla	2.18.6+ (including)	2.18.6+ (including)
Bugzilla	Mozilla	2.19 (including)	2.19 (including)
Bugzilla	Mozilla	2.19.1 (including)	2.19.1 (including)
Bugzilla	Mozilla	2.19.2 (including)	2.19.2 (including)
Bugzilla	Mozilla	2.19.3 (including)	2.19.3 (including)
Bugzilla	Mozilla	2.20 (including)	2.20 (including)
Bugzilla	Mozilla	2.20-rc1 (including)	2.20-rc1 (including)
Bugzilla	Mozilla	2.20-rc2 (including)	2.20-rc2 (including)
Bugzilla	Mozilla	2.20.1 (including)	2.20.1 (including)
Bugzilla	Mozilla	2.20.2 (including)	2.20.2 (including)
Bugzilla	Mozilla	2.20.3 (including)	2.20.3 (including)
Bugzilla	Mozilla	2.20.4 (including)	2.20.4 (including)
Bugzilla	Mozilla	2.20.5 (including)	2.20.5 (including)
Bugzilla	Mozilla	2.20.6 (including)	2.20.6 (including)
Bugzilla	Mozilla	2.20.7 (including)	2.20.7 (including)
Bugzilla	Mozilla	2.21 (including)	2.21 (including)
Bugzilla	Mozilla	2.21.1 (including)	2.21.1 (including)
Bugzilla	Mozilla	2.21.2 (including)	2.21.2 (including)
Bugzilla	Mozilla	2.22 (including)	2.22 (including)
Bugzilla	Mozilla	2.22-rc1 (including)	2.22-rc1 (including)
Bugzilla	Mozilla	2.22.1 (including)	2.22.1 (including)
Bugzilla	Mozilla	2.22.2 (including)	2.22.2 (including)
Bugzilla	Mozilla	2.22.3 (including)	2.22.3 (including)
Bugzilla	Mozilla	2.22.4 (including)	2.22.4 (including)
Bugzilla	Mozilla	2.22.5 (including)	2.22.5 (including)
Bugzilla	Mozilla	2.22.6 (including)	2.22.6 (including)
Bugzilla	Ubuntu	dapper	*
Bugzilla	Ubuntu	hardy	*
Bugzilla	Ubuntu	karmic	*
Bugzilla	Ubuntu	lucid	*
Bugzilla	Ubuntu	maverick	*
Bugzilla	Ubuntu	oneiric	*
Bugzilla	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-4568
CWE	https://cwe.mitre.org/data/definitions/264.html

Affected Software

References