CVE-2011-2190

Description

The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords via a brute-force attack.

Affected products

• cherokee-project / cherokee0.4.9 – 0.4.9
• cherokee-project / cherokee1.2.98
• cherokee-project / cherokee0.3.0 – 0.3.0
• cherokee-project / cherokee0.4.0 – 0.4.0
• cherokee-project / cherokee0.4.1 – 0.4.1
• cherokee-project / cherokee0.4.2 – 0.4.2
• cherokee-project / cherokee0.4.3 – 0.4.3
• cherokee-project / cherokee0.4.4 – 0.4.4
• cherokee-project / cherokee0.4.5 – 0.4.5
• cherokee-project / cherokee0.4.6 – 0.4.6
• cherokee-project / cherokee0.4.7 – 0.4.7
• cherokee-project / cherokee0.4.8 – 0.4.8
• cherokee-project / cherokee0.4.10 – 0.4.10
• cherokee-project / cherokee0.4.11 – 0.4.11
• cherokee-project / cherokee0.4.12 – 0.4.12
• cherokee-project / cherokee0.4.13 – 0.4.13
• cherokee-project / cherokee0.4.14 – 0.4.14
• cherokee-project / cherokee0.4.15 – 0.4.15
• cherokee-project / cherokee0.4.16 – 0.4.16
• cherokee-project / cherokee0.4.17 – 0.4.17
• cherokee-project / cherokee0.4.18 – 0.4.18
• cherokee-project / cherokee0.4.19 – 0.4.19
• cherokee-project / cherokee0.4.20 – 0.4.20
• cherokee-project / cherokee0.4.21 – 0.4.21
• cherokee-project / cherokee0.4.22 – 0.4.22
• cherokee-project / cherokee0.4.23 – 0.4.23
• cherokee-project / cherokee0.4.24 – 0.4.24
• cherokee-project / cherokee0.4.25 – 0.4.25
• cherokee-project / cherokee0.4.26 – 0.4.26
• cherokee-project / cherokee0.4.27 – 0.4.27
• cherokee-project / cherokee0.4.28 – 0.4.28
• cherokee-project / cherokee0.4.29 – 0.4.29
• cherokee-project / cherokee0.4.30 – 0.4.30
• cherokee-project / cherokee0.5.0 – 0.5.0
• cherokee-project / cherokee0.5.1 – 0.5.1
• cherokee-project / cherokee0.5.2 – 0.5.2
• cherokee-project / cherokee0.5.3 – 0.5.3
• cherokee-project / cherokee0.5.4 – 0.5.4
• cherokee-project / cherokee0.5.5 – 0.5.5
• cherokee-project / cherokee0.5.6 – 0.5.6
• cherokee-project / cherokee0.6.0 – 0.6.0
• cherokee-project / cherokee0.6.1 – 0.6.1
• cherokee-project / cherokee0.7.0 – 0.7.0
• cherokee-project / cherokee0.7.1 – 0.7.1
• cherokee-project / cherokee0.7.2 – 0.7.2
• cherokee-project / cherokee0.8.0 – 0.8.0
• cherokee-project / cherokee0.8.1 – 0.8.1
• cherokee-project / cherokee0.9.0 – 0.9.0
• cherokee-project / cherokee0.9.1 – 0.9.1
• cherokee-project / cherokee0.9.2 – 0.9.2
• cherokee-project / cherokee0.9.3 – 0.9.3
• cherokee-project / cherokee0.9.4 – 0.9.4
• cherokee-project / cherokee0.10.0 – 0.10.0
• cherokee-project / cherokee0.10.1 – 0.10.1
• cherokee-project / cherokee0.11.0 – 0.11.0
• cherokee-project / cherokee0.11.1 – 0.11.1
• cherokee-project / cherokee0.11.2 – 0.11.2
• cherokee-project / cherokee0.11.3 – 0.11.3
• cherokee-project / cherokee0.11.4 – 0.11.4
• cherokee-project / cherokee0.11.5 – 0.11.5
• cherokee-project / cherokee0.11.6 – 0.11.6
• cherokee-project / cherokee0.98.0 – 0.98.0
• cherokee-project / cherokee0.98.1 – 0.98.1
• cherokee-project / cherokee0.99.0 – 0.99.0
• cherokee-project / cherokee0.99.1 – 0.99.1
• cherokee-project / cherokee0.99.2 – 0.99.2
• cherokee-project / cherokee0.99.3 – 0.99.3
• cherokee-project / cherokee0.99.4 – 0.99.4
• cherokee-project / cherokee0.99.5 – 0.99.5
• cherokee-project / cherokee0.99.6 – 0.99.6
• cherokee-project / cherokee0.99.07 – 0.99.07
• cherokee-project / cherokee0.99.8 – 0.99.8
• cherokee-project / cherokee0.99.9 – 0.99.9
• cherokee-project / cherokee0.99.10 – 0.99.10
• cherokee-project / cherokee0.99.11 – 0.99.11
• cherokee-project / cherokee0.99.12 – 0.99.12
• cherokee-project / cherokee0.99.13 – 0.99.13
• cherokee-project / cherokee0.99.14 – 0.99.14
• cherokee-project / cherokee0.99.15 – 0.99.15
• cherokee-project / cherokee0.99.16 – 0.99.16
• cherokee-project / cherokee0.99.17 – 0.99.17
• cherokee-project / cherokee0.99.18 – 0.99.18
• cherokee-project / cherokee0.99.19 – 0.99.19
• cherokee-project / cherokee0.99.20 – 0.99.20
• cherokee-project / cherokee0.99.21 – 0.99.21
• cherokee-project / cherokee0.99.22 – 0.99.22
• cherokee-project / cherokee0.99.23 – 0.99.23
• cherokee-project / cherokee0.99.24 – 0.99.24
• cherokee-project / cherokee0.99.25 – 0.99.25
• cherokee-project / cherokee0.99.26 – 0.99.26
• cherokee-project / cherokee0.99.27 – 0.99.27
• cherokee-project / cherokee0.99.28 – 0.99.28
• cherokee-project / cherokee0.99.29 – 0.99.29
• cherokee-project / cherokee0.99.30 – 0.99.30
• cherokee-project / cherokee0.99.31 – 0.99.31
• cherokee-project / cherokee0.99.32 – 0.99.32
• cherokee-project / cherokee0.99.33 – 0.99.33
• cherokee-project / cherokee0.99.34 – 0.99.34
• cherokee-project / cherokee0.99.35 – 0.99.35
• cherokee-project / cherokee0.99.36 – 0.99.36
• cherokee-project / cherokee0.99.37 – 0.99.37
• cherokee-project / cherokee0.99.38 – 0.99.38
• cherokee-project / cherokee0.99.39 – 0.99.39
• cherokee-project / cherokee0.99.40 – 0.99.40
• cherokee-project / cherokee0.99.41 – 0.99.41
• cherokee-project / cherokee0.99.42 – 0.99.42
• cherokee-project / cherokee0.99.43 – 0.99.43
• cherokee-project / cherokee0.99.44 – 0.99.44
• cherokee-project / cherokee0.99.45 – 0.99.45
• cherokee-project / cherokee0.99.46 – 0.99.46
• cherokee-project / cherokee0.99.47 – 0.99.47
• cherokee-project / cherokee0.99.48 – 0.99.48
• cherokee-project / cherokee0.99.49 – 0.99.49
• cherokee-project / cherokee1.0.0 – 1.0.0
• cherokee-project / cherokee1.0.1 – 1.0.1
• cherokee-project / cherokee1.0.2 – 1.0.2
• cherokee-project / cherokee1.0.3 – 1.0.3
• cherokee-project / cherokee1.0.4 – 1.0.4
• cherokee-project / cherokee1.0.5 – 1.0.5
• cherokee-project / cherokee1.0.6 – 1.0.6
• cherokee-project / cherokee1.0.7 – 1.0.7
• cherokee-project / cherokee1.0.8 – 1.0.8
• cherokee-project / cherokee1.0.9 – 1.0.9
• cherokee-project / cherokee1.0.10 – 1.0.10
• cherokee-project / cherokee1.0.11 – 1.0.11
• cherokee-project / cherokee1.0.12 – 1.0.12
• cherokee-project / cherokee1.0.13 – 1.0.13
• cherokee-project / cherokee1.0.14 – 1.0.14
• cherokee-project / cherokee1.0.15 – 1.0.15
• cherokee-project / cherokee1.0.16 – 1.0.16
• cherokee-project / cherokee1.0.17 – 1.0.17
• cherokee-project / cherokee1.0.18 – 1.0.18
• cherokee-project / cherokee1.0.19 – 1.0.19
• cherokee-project / cherokee1.0.20 – 1.0.20
• cherokee-project / cherokee1.2.0 – 1.2.0
• cherokee-project / cherokee1.2.1 – 1.2.1
• cherokee-project / cherokee1.2.2 – 1.2.2

References

• MISChttp://www.securityfocus.com/bid/49772
• MISChttp://code.google.com/p/cherokee/issues/detail?id=1212
• MAILING_LISThttp://lists.fedoraproject.org/pipermail/package-announce/2011-September/066222.html
• MAILING_LISThttp://www.openwall.com/lists/oss-security/2011/06/03/4
• MISChttp://www.cherokee-project.com/download/LATEST_is_1.2.99/cherokee-1.2.99.tar.gz
• MISChttps://bugzilla.redhat.com/show_bug.cgi?id=713304
• MAILING_LISThttp://www.openwall.com/lists/oss-security/2011/06/06/21