ubuntucve | Ubuntu.com | UB:CVE-2010-1128
History: Mar 26, 2010 - 12:00 a.m.

CVE-2010-1128


CVSS2: 6.4

Attack Vector:          NETWORK
Attack Complexity:      LOW
Authentication:         NONE
Confidentiality Impact: PARTIAL
Integrity Impact:       PARTIAL
Availability Impact:    NONE
Vector:                 AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS: 0.009
Percentile: 83.3%

The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not
provide the expected entropy, which makes it easier for context-dependent
attackers to guess values that were intended to be unpredictable, as
demonstrated by session cookies generated by using the uniqid function.

Notes

Author    Note
mdeslaur  also fixed in 5.3.2

OS      Version  Architecture  Package  Version                      Filename
ubuntu  6.06     noarch        php5     < 5.1.2-1ubuntu3.19          UNKNOWN
ubuntu  8.04     noarch        php5     < 5.2.4-2ubuntu5.12          UNKNOWN
ubuntu  9.04     noarch        php5     < 5.2.6.dfsg.1-3ubuntu4.6    UNKNOWN
ubuntu  9.10     noarch        php5     < 5.2.10.dfsg.1-2ubuntu6.5   UNKNOWN
