Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2008-4107
HistorySep 18, 2008 - 12:00 a.m.

CVE-2008-4107

2008-09-1800:00:00
ubuntu.com
ubuntu.com
8

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.3%

JSON

The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce
cryptographically strong random numbers, which allows attackers to leverage
exposures in products that rely on these functions for security-relevant
functionality, as demonstrated by the password-reset functionality in
Joomla! 1.5.x and WordPress before 2.6.2, a different vulnerability than
CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102.

Bugs

Notes

Author Note
mdeslaur as of 2009-04-10, unfixed in debian with following comment: the rand() and mt_rand() functions were never said to be cryptographically strong AFAICT, unfixed upstream also more information here: http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/ Let’s ignore this also.

Related

cve 5
prion 5
owncloud 2
openvas 38
patchstack 1
freebsd 1
nessus 24
fedora 3
veracode 2
ubuntucve 3
redhat 5
oraclelinux 2
centos 3
debiancve 1
debian 1
osv 1
ubuntu 1
gentoo 1
cve
cve
CVE-2008-4107
2008-09-18 17:59:00
CVE-2008-2108
2008-05-07 21:20:00
CVE-2008-2107
2008-05-07 21:20:00
prion
prion
Default credentials
2008-09-18 17:59:00
Design/Logic Flaw
2008-05-07 21:20:00
Design/Logic Flaw
2008-05-07 21:20:00
owncloud
owncloud
Server: Insufficiently random values
2012-08-10 11:42:22
Insufficiently random values - ownCloud
2012-08-10 17:04:28
openvas
openvas
Fedora Update for php FEDORA-2008-3606
2009-02-17 00:00:00
Mandriva Update for php MDVSA-2008:128 (php)
2009-04-09 00:00:00
Mandriva Update for php MDVSA-2008:128 (php)
2009-04-09 00:00:00
patchstack
patchstack
WordPress <= 2.6.1 - SQL Truncation Vulnerability #1
2008-09-15 00:00:00
freebsd
freebsd
wordpress -- remote privilege escalation
2008-09-08 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : php (MDVSA-2008:128)
2009-04-23 00:00:00
Fedora 9 : php-5.2.6-2.fc9 (2008-3606)
2008-06-24 00:00:00
Oracle Linux 3 / 5 : php (ELSA-2008-0544)
2013-07-12 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: php-5.2.6-2.fc9
2008-07-26 06:03:23
[SECURITY] Fedora 9 Update: php-5.2.6-2.fc9
2008-06-20 19:09:41
[SECURITY] Fedora 8 Update: php-5.2.6-2.fc8
2008-06-20 19:08:56
veracode
veracode
Weak Random Number Generator
2020-04-10 00:22:37
Weak Random Number Generator
2020-04-10 00:22:38
ubuntucve
ubuntucve
CVE-2008-2107
2008-05-07 00:00:00
CVE-2008-2108
2008-05-07 00:00:00
CVE-2008-4106
2008-09-18 00:00:00
redhat
redhat
(RHSA-2008:0545) Moderate: php security and bug fix update
2008-07-16 00:00:00
(RHSA-2008:0544) Moderate: php security update
2008-07-16 00:00:00
(RHSA-2008:0582) Moderate: php security update
2008-07-22 00:00:00
oraclelinux
oraclelinux
php security update
2008-07-16 00:00:00
php security and bug fix update
2008-07-16 00:00:00
centos
centos
php security update
2008-07-16 16:10:52
php security update
2008-07-16 16:15:51
php security update
2008-07-18 05:00:21
debiancve
debiancve
CVE-2008-4106
2008-09-18 17:59:00
debian
debian
[SECURITY] [DSA 1789-1] New php5 packages fix several vulnerabilities
2009-05-04 20:57:57
osv
osv
php5 - several vulnerabilities
2009-05-04 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2008-07-23 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2008-11-16 00:00:00

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.3%

JSON
Related for UB:CVE-2008-4107
cve5prion5owncloud2openvas38patchstack1freebsd1nessus24fedora3veracode2ubuntucve3redhat5oraclelinux2centos3debiancve1debian1osv1ubuntu1gentoo1