Lucene search

PRIOn knowledge basePRION:CVE-2007-2727

HistoryMay 16, 2007 - 10:30 p.m.

Code injection

2007-05-1622:30:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

73.3%

JSON

The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt certain data more easily because of the guessable encryption keys.

CPENameOperatorVersion
phpeq4.3.9
phpeq4.2.0
phpeq4.1.0
phpeq4.3.4
phpeq4.0.4
phpeq4.3.0
phpeq4.0.5
phpeq4.3.6
phpeq4.0.7 rc2
phpeq4.3.7

Name	Operator	Version
php	eq	4.3.9
php	eq	4.2.0
php	eq	4.1.0
php	eq	4.3.4
php	eq	4.0.4
php	eq	4.3.0
php	eq	4.0.5
php	eq	4.3.6
php	eq	4.0.7 rc2
php	eq	4.3.7

Rows per page:

1-10 of 361

References

blog.php-security.org/archives/80-Watching-the-PHP-CVS.html

bugs.php.net/bug.php?id=40999

cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/mcrypt.c?r1=1.91.2.3.2.9&r2=1.91.2.3.2.10

osvdb.org/36087

secunia.com/advisories/26895

www.fortheloot.com/public/mcrypt.patch

www.mandriva.com/security/advisories?name=MDKSA-2007:187

www.novell.com/linux/security/advisories/2007_15_sr.html

www.php.net/ChangeLog-5.php

www.securityfocus.com/bid/23984

6.6 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

73.3%

JSON

Related for PRION:CVE-2007-2727