Bug 676450 (CVE-2010-4728)

Summary: CVE-2010-4728 zikula: predictable random number generation
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: david
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-19 21:47:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 676457, 676458    
Bug Blocks:    

Description Vincent Danen 2011-02-09 22:08:31 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4728 to
the following vulnerability:

Name: CVE-2010-4728
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4728
Assigned: 20110208
Reference: http://code.zikula.org/core/ticket/2009

Zikula before 1.3.1 uses the rand and srand PHP functions for random
number generation, which makes it easier for remote attackers to
defeat protection mechanisms based on randomization by predicting a
return value, as demonstrated by the authid protection mechanism.
Comment 1 Vincent Danen 2011-02-09 22:24:03 UTC 
Created zikula tracking bugs for this issue

Affects: fedora-all [bug 676457]
Affects: epel-all [bug 676458]