CVE-2008-2107 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2008-2107

CVE-2008-2107

May 07, 2008

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed.

Related Resources (34)

https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html

http://secunia.com/advisories/30757

http://www.ubuntu.com/usn/usn-628-1

http://secunia.com/advisories/31119

http://www.debian.org/security/2009/dsa-1789

http://www.mandriva.com/security/advisories?name=MDVSA-2008:128

https://exchange.xforce.ibmcloud.com/vulnerabilities/42226

http://www.mandriva.com/security/advisories?name=MDVSA-2008:127

http://secunia.com/advisories/30967

http://security.gentoo.org/glsa/glsa-200811-05.xml

https://exchange.xforce.ibmcloud.com/vulnerabilities/42284

http://www.redhat.com/support/errata/RHSA-2008-0546.html

https://access.redhat.com/security/cve/CVE-2008-2107

https://people.canonical.com/~ubuntu-security/cve/CVE-2008-2107

http://secunia.com/advisories/31124

http://www.redhat.com/support/errata/RHSA-2008-0545.html

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html

http://www.mandriva.com/security/advisories?name=MDVSA-2008:125

http://secunia.com/advisories/32746

http://www.redhat.com/support/errata/RHSA-2008-0544.html

http://www.securityfocus.com/archive/1/491683/100/0/threaded

http://www.sektioneins.de/advisories/SE-2008-02.txt

http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html

http://secunia.com/advisories/31200

http://www.redhat.com/support/errata/RHSA-2008-0505.html

http://www.redhat.com/support/errata/RHSA-2008-0582.html

http://www.mandriva.com/security/advisories?name=MDVSA-2008:130

http://securityreason.com/securityalert/3859

https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html

http://secunia.com/advisories/35003

http://www.mandriva.com/security/advisories?name=MDVSA-2008:129

http://www.mandriva.com/security/advisories?name=MDVSA-2008:126

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10644

http://secunia.com/advisories/30828

Do you need more information?

CVSS v4

Base Score:

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

LOW

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

CVSS v2

Base Score:

7.5

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

EPSS

Base Score:

3.09