Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Redhat
  • Enterprise Mrg
Trevor Mckay
  • Cumin

Configuration 1 [-]

OR cpe:2.3:a:trevor_mckay:cumin:*:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.3160-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.4369-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.4410-2:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.4494-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.4794-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.4916-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5098-2:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5192-1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
MRG for RHEL-5 v. 2
condor-0:7.6.5-0.22.el5 cpe:/a:redhat:enterprise_mrg:2::el5 RHSA-2012:1278 2012-09-19T00:00:00Z
condor-wallaby-0:4.1.3-1.el5 cpe:/a:redhat:enterprise_mrg:2::el5 RHSA-2012:1278 2012-09-19T00:00:00Z
condor-wallaby-base-db-0:1.23-1.el5 cpe:/a:redhat:enterprise_mrg:2::el5 RHSA-2012:1278 2012-09-19T00:00:00Z
cumin-0:0.1.5444-3.el5 cpe:/a:redhat:enterprise_mrg:2::el5 RHSA-2012:1278 2012-09-19T00:00:00Z
sesame-0:1.0-4.el5 cpe:/a:redhat:enterprise_mrg:2::el5 RHSA-2012:1278 2012-09-19T00:00:00Z
wallaby-0:0.12.5-10.el5 cpe:/a:redhat:enterprise_mrg:2::el5 RHSA-2012:1278 2012-09-19T00:00:00Z
Red Hat Enterprise MRG 2
condor-0:7.6.5-0.22.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
condor-wallaby-0:4.1.3-1.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
condor-wallaby-base-db-0:1.23-1.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
cumin-0:0.1.5444-3.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
deltacloud-core-0:0.5.0-10.el6_2 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
libdeltacloud-0:0.9-1.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-daemons-0:1.1.4-2.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-eventmachine-0:0.12.10-7.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-fssm-0:0.2.7-1.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-haml-0:3.1.2-2.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-hpricot-0:0.8.4-2.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-json-0:1.4.6-10.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-maruku-0:0.6.0-4.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-mime-types-0:1.16-4.el6_0 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-mocha-0:0.9.7-4.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-net-ssh-0:2.0.23-6.el6_0 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-nokogiri-0:1.5.0-0.8.beta4.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-rack-1:1.3.0-2.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-rack-accept-0:0.4.3-6.el6_0 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-rack-test-0:0.6.1-1.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-rake-0:0.8.7-2.1.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-rest-client-0:1.6.1-2.el6_0 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygems-0:1.8.16-1.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-sass-0:3.1.4-4.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-sinatra-1:1.2.6-2.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-syntax-0:1.0.0-4.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-thin-0:1.2.11-3.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-tilt-0:1.3.2-3.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-yard-0:0.7.2-1.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
sesame-0:1.0-6.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
wallaby-0:0.12.5-10.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
References
Link Providers
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=827558 cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-1278.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-1281.html cve-icon cve-icon
http://secunia.com/advisories/50660 cve-icon cve-icon
http://www.securityfocus.com/bid/55618 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/78771 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2012-2681 cve-icon
https://www.cve.org/CVERecord?id=CVE-2012-2681 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-09-28T17:00:00

Updated: 2024-08-06T19:42:31.976Z

Reserved: 2012-05-14T00:00:00

Link: CVE-2012-2681

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-09-28T17:55:00.787

Modified: 2024-11-21T01:39:26.177

Link: CVE-2012-2681

cve-icon Redhat

Severity : Moderate

Publid Date: 2012-09-19T00:00:00Z

Links: CVE-2012-2681 - Bugzilla