CVE-2010-4568 Information

Description

Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before 3.2.10; 3.4.x before 3.4.10; 3.6.x before 3.6.4; and 4.0.x before 4.0rc2 does not properly generate random values for cookies and tokens, which allows remote attackers to obtain access to arbitrary accounts via unspecified vectors related to an insufficient number of calls to the srand function.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html
http://osvdb.org/70700
http://secunia.com/advisories/43033
http://secunia.com/advisories/43165
http://www.bugzilla.org/security/3.2.9/
http://www.debian.org/security/2011/dsa-2322
http://www.securityfocus.com/bid/45982
http://www.vupen.com/english/advisories/2011/0207
http://www.vupen.com/english/advisories/2011/0271
https://bugzilla.mozilla.org/attachment.cgi?id=506031&action=diff
https://bugzilla.mozilla.org/show_bug.cgi?id=619594
https://bugzilla.mozilla.org/show_bug.cgi?id=621591
https://exchange.xforce.ibmcloud.com/vulnerabilities/65001
