Lucene search

K

[email protected]CVE-2008-2107

HistoryMay 07, 2008 - 9:20 p.m.

CVE-2008-2107

2008-05-0721:20:00

CWE-189

[email protected]

web.nvd.nist.gov

63

php

generate_seed

vulnerability

nvd

rand function

mt_rand function

context-dependent attackers

protection mechanisms

6.2 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.5%

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed.

CPENameOperatorVersion
php:phpphpeq5.1.5
php:phpphpeq5.1.2
php:phpphpeq5.1.1
php:phpphpeq5.0.0
php:phpphpeq5.1.6
php:phpphpeq5.2.2
php:phpphpeq5.0.5
php:phpphpeq5.0.1
php:phpphpeq5.1.4
php:phpphpeq5.0.4

Rows per page:

1-10 of 201

References

archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html

lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html

secunia.com/advisories/30757

secunia.com/advisories/30828

secunia.com/advisories/30967

secunia.com/advisories/31119

secunia.com/advisories/31124

secunia.com/advisories/31200

secunia.com/advisories/32746

secunia.com/advisories/35003

security.gentoo.org/glsa/glsa-200811-05.xml

securityreason.com/securityalert/3859

www.debian.org/security/2009/dsa-1789

www.mandriva.com/security/advisories?name=MDVSA-2008:125

www.mandriva.com/security/advisories?name=MDVSA-2008:126

www.mandriva.com/security/advisories?name=MDVSA-2008:127

www.mandriva.com/security/advisories?name=MDVSA-2008:128

www.mandriva.com/security/advisories?name=MDVSA-2008:129

www.mandriva.com/security/advisories?name=MDVSA-2008:130

www.redhat.com/support/errata/RHSA-2008-0505.html

www.redhat.com/support/errata/RHSA-2008-0544.html

www.redhat.com/support/errata/RHSA-2008-0545.html

www.redhat.com/support/errata/RHSA-2008-0546.html

www.redhat.com/support/errata/RHSA-2008-0582.html

www.securityfocus.com/archive/1/491683/100/0/threaded

www.sektioneins.de/advisories/SE-2008-02.txt

www.ubuntu.com/usn/usn-628-1

exchange.xforce.ibmcloud.com/vulnerabilities/42226

exchange.xforce.ibmcloud.com/vulnerabilities/42284

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10644

www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html

www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html

6.2 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.5%

Related for CVE-2008-2107

prion2 veracode1 ubuntucve2 cve1 nessus20 openvas32 fedora3 redhat5 oraclelinux2 centos3 debian1 osv1 ubuntu1 gentoo1