CVE-2008-2107

Published: May 07, 2008 | Modified: Oct 11, 2018
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Php | Php | * | 4.4.7 |
| Php | Php | 5 | 5 |
| Php | Php | 5.0.0 | 5.0.0 |
| Php | Php | 5.0.1 | 5.0.1 |
| Php | Php | 5.0.2 | 5.0.2 |
| Php | Php | 5.0.3 | 5.0.3 |
| Php | Php | 5.0.4 | 5.0.4 |
| Php | Php | 5.0.5 | 5.0.5 |
| Php | Php | 5.1.0 | 5.1.0 |
| Php | Php | 5.1.1 | 5.1.1 |
| Php | Php | 5.1.2 | 5.1.2 |
| Php | Php | 5.1.3 | 5.1.3 |
| Php | Php | 5.1.4 | 5.1.4 |
| Php | Php | 5.1.5 | 5.1.5 |
| Php | Php | 5.1.6 | 5.1.6 |
| Php | Php | 5.2.0 | 5.2.0 |
| Php | Php | 5.2.1 | 5.2.1 |
| Php | Php | 5.2.2 | 5.2.2 |
| Php | Php | 5.2.3 | 5.2.3 |
| Php | Php | 5.2.4 | 5.2.4 |
| Red Hat Application Stack v2 for Enterprise Linux | RedHat | httpd | * |
| Red Hat Application Stack v2 for Enterprise Linux | RedHat | mod_jk | * |
| Red Hat Application Stack v2 for Enterprise Linux | RedHat | mod_perl | * |
| Red Hat Application Stack v2 for Enterprise Linux | RedHat | mysql | * |
| Red Hat Application Stack v2 for Enterprise Linux | RedHat | mysql-connector-odbc | * |
| Red Hat Application Stack v2 for Enterprise Linux | RedHat | mysql-jdbc | * |
| Red Hat Application Stack v2 for Enterprise Linux | RedHat | perl-DBD-MySQL | * |
| Red Hat Application Stack v2 for Enterprise Linux | RedHat | perl-DBI | * |
| Red Hat Application Stack v2 for Enterprise Linux | RedHat | php | * |
| Red Hat Application Stack v2 for Enterprise Linux | RedHat | postgresql | * |
| Red Hat Application Stack v2 for Enterprise Linux | RedHat | postgresqlclient81 | * |
| Red Hat Application Stack v2 for Enterprise Linux | RedHat | postgresql-jdbc | * |
| Red Hat Application Stack v2 for Enterprise Linux | RedHat | postgresql-odbc | * |
| Red Hat Application Stack v2 for Enterprise Linux | RedHat | unixODBC | * |
| Red Hat Enterprise Linux 2.1 | RedHat | php-0:4.1.2-2.20 | * |
| Red Hat Enterprise Linux 3 | RedHat | php-0:4.3.2-48.ent | * |
| Red Hat Enterprise Linux 4 | RedHat | php-0:4.3.9-3.22.12 | * |
| Red Hat Enterprise Linux 5 | RedHat | php-0:5.1.6-20.el5_2.1 | * |
| Php5 | Ubuntu | dapper | * |
| Php5 | Ubuntu | feisty | * |
| Php5 | Ubuntu | gutsy | * |
| Php5 | Ubuntu | hardy | * |
| Php5 | Ubuntu | upstream | * |

References