CVE Vulnerabilities

CVE-2008-2107

Published: May 07, 2008 | Modified: Oct 11, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed.

Affected Software

Name Vendor Start Version End Version
Php Php 5.1.5 5.1.5
Php Php 5.1.2 5.1.2
Php Php 5.1.1 5.1.1
Php Php 5.0.0 5.0.0
Php Php 5.1.6 5.1.6
Php Php 5.2.2 5.2.2
Php Php 5.0.5 5.0.5
Php Php 5.0.1 5.0.1
Php Php 5.1.4 5.1.4
Php Php 5.0.4 5.0.4
Php Php * 4.4.7
Php Php 5.0.0 5.0.0
Php Php 5.2.3 5.2.3
Php Php 5.0.3 5.0.3
Php Php 5.1.0 5.1.0
Php Php 5.0.0 5.0.0
Php Php 5.2.0 5.2.0
Php Php 5.2.4 5.2.4
Php Php 5.0.0 5.0.0
Php Php 5.1.3 5.1.3
Php Php 5.0.0 5.0.0
Php Php 5.0.2 5.0.2
Php Php 5.2.1 5.2.1
Php Php 5 5
Php Php 5.0.0 5.0.0

References