CVE Vulnerabilities

CVE-2008-2108

Published: May 07, 2008 | Modified: Oct 11, 2018
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions.

Affected Software

Name | Vendor | Start Version | End Version
Php | Php | * | 4.4.7
Php | Php | 5 | 5
Php | Php | 5.0.0 | 5.0.0
Php | Php | 5.0.1 | 5.0.1
Php | Php | 5.0.2 | 5.0.2
Php | Php | 5.0.3 | 5.0.3
Php | Php | 5.0.4 | 5.0.4
Php | Php | 5.0.5 | 5.0.5
Php | Php | 5.1.0 | 5.1.0
Php | Php | 5.1.1 | 5.1.1
Php | Php | 5.1.2 | 5.1.2
Php | Php | 5.1.3 | 5.1.3
Php | Php | 5.1.4 | 5.1.4
Php | Php | 5.1.5 | 5.1.5
Php | Php | 5.1.6 | 5.1.6
Php | Php | 5.2.0 | 5.2.0
Php | Php | 5.2.1 | 5.2.1
Php | Php | 5.2.2 | 5.2.2
Php | Php | 5.2.3 | 5.2.3
Php | Php | 5.2.4 | 5.2.4
Red Hat Application Stack v2 for Enterprise Linux | RedHat | httpd | *
Red Hat Application Stack v2 for Enterprise Linux | RedHat | mod_jk | *
Red Hat Application Stack v2 for Enterprise Linux | RedHat | mod_perl | *
Red Hat Application Stack v2 for Enterprise Linux | RedHat | mysql | *
Red Hat Application Stack v2 for Enterprise Linux | RedHat | mysql-connector-odbc | *
Red Hat Application Stack v2 for Enterprise Linux | RedHat | mysql-jdbc | *
Red Hat Application Stack v2 for Enterprise Linux | RedHat | perl-DBD-MySQL | *
Red Hat Application Stack v2 for Enterprise Linux | RedHat | perl-DBI | *
Red Hat Application Stack v2 for Enterprise Linux | RedHat | php | *
Red Hat Application Stack v2 for Enterprise Linux | RedHat | postgresql | *
Red Hat Application Stack v2 for Enterprise Linux | RedHat | postgresqlclient81 | *
Red Hat Application Stack v2 for Enterprise Linux | RedHat | postgresql-jdbc | *
Red Hat Application Stack v2 for Enterprise Linux | RedHat | postgresql-odbc | *
Red Hat Application Stack v2 for Enterprise Linux | RedHat | unixODBC | *
Red Hat Enterprise Linux 2.1 | RedHat | php-0:4.1.2-2.20 | *
Red Hat Enterprise Linux 3 | RedHat | php-0:4.3.2-48.ent | *
Red Hat Enterprise Linux 4 | RedHat | php-0:4.3.9-3.22.12 | *
Red Hat Enterprise Linux 5 | RedHat | php-0:5.1.6-20.el5_2.1 | *
Php5 | Ubuntu | dapper | *
Php5 | Ubuntu | feisty | *
Php5 | Ubuntu | gutsy | *
Php5 | Ubuntu | hardy | *
Php5 | Ubuntu | upstream | *

References