Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cumin | Trevor_mckay | * | 0.1.5192-4 (including) |
| Cumin | Trevor_mckay | 0.1.3160-1 (including) | 0.1.3160-1 (including) |
| Cumin | Trevor_mckay | 0.1.4369-1 (including) | 0.1.4369-1 (including) |
| Cumin | Trevor_mckay | 0.1.4410-2 (including) | 0.1.4410-2 (including) |
| Cumin | Trevor_mckay | 0.1.4494-1 (including) | 0.1.4494-1 (including) |
| Cumin | Trevor_mckay | 0.1.4794-1 (including) | 0.1.4794-1 (including) |
| Cumin | Trevor_mckay | 0.1.4916-1 (including) | 0.1.4916-1 (including) |
| Cumin | Trevor_mckay | 0.1.5098-2 (including) | 0.1.5098-2 (including) |
| Cumin | Trevor_mckay | 0.1.5192-1 (including) | 0.1.5192-1 (including) |
| Enterprise_mrg | Redhat | 2.0 (including) | 2.0 (including) |
| MRG for RHEL-5 v. 2 | RedHat | condor-0:7.6.5-0.22.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | condor-wallaby-0:4.1.3-1.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | condor-wallaby-base-db-0:1.23-1.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | cumin-0:0.1.5444-3.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | sesame-0:1.0-4.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | wallaby-0:0.12.5-10.el5 | * |
| Red Hat Enterprise MRG 2 | RedHat | condor-0:7.6.5-0.22.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | condor-wallaby-0:4.1.3-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | condor-wallaby-base-db-0:1.23-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | cumin-0:0.1.5444-3.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | deltacloud-core-0:0.5.0-10.el6_2 | * |
| Red Hat Enterprise MRG 2 | RedHat | libdeltacloud-0:0.9-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-daemons-0:1.1.4-2.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-eventmachine-0:0.12.10-7.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-fssm-0:0.2.7-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-haml-0:3.1.2-2.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-hpricot-0:0.8.4-2.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-json-0:1.4.6-10.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-maruku-0:0.6.0-4.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-mime-types-0:1.16-4.el6_0 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-mocha-0:0.9.7-4.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-net-ssh-0:2.0.23-6.el6_0 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-nokogiri-0:1.5.0-0.8.beta4.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-rack-1:1.3.0-2.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-rack-accept-0:0.4.3-6.el6_0 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-rack-test-0:0.6.1-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-rake-0:0.8.7-2.1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-rest-client-0:1.6.1-2.el6_0 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygems-0:1.8.16-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-sass-0:3.1.4-4.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-sinatra-1:1.2.6-2.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-syntax-0:1.0.0-4.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-thin-0:1.2.11-3.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-tilt-0:1.3.2-3.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-yard-0:0.7.2-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | sesame-0:1.0-6.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | wallaby-0:0.12.5-10.el6 | * |
References
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=827558
- http://rhn.redhat.com/errata/RHSA-2012-1278.html
- http://rhn.redhat.com/errata/RHSA-2012-1281.html
- http://secunia.com/advisories/50660
- http://www.securityfocus.com/bid/55618
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78771
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=827558
- http://rhn.redhat.com/errata/RHSA-2012-1278.html
- http://rhn.redhat.com/errata/RHSA-2012-1281.html
- http://secunia.com/advisories/50660
- http://www.securityfocus.com/bid/55618
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78771