Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2009-0486
Last Modified: 25 Mar 2009 01:50:25
Published: 09 Feb 2009 12:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2009-0486

Summary

Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, call the srand function only once at startup, so the forked Apache child processes inherit the same seed and produce predictable random numbers for their random tokens. This allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.

Vulnerable Systems

Application

  • Mozilla Bugzilla 3.0.7
  • Mozilla Bugzilla 3.2.1
  • Mozilla Bugzilla 3.3.2

References

FEDORA - FEDORA-2009-2417
FEDORA - FEDORA-2009-2418
BID - 33581
CONFIRM - http://www.bugzilla.org/security/3.0.7/
SECUNIA - 34361


Last Updated: 27 May 2016 10:50:16