Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2008-2107

Disclosure Date: May 07, 2008 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

References

Canonical

CVE-2008-2107 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2107)

Advisory

FEDORA-2008-3606 (https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html)

SECUNIA-32746 (http://secunia.com/advisories/32746)

20080506 Advisory SE-2008-02: PHP GENERATE_SEED() Weak Random Number Seed Vulnerability (http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html)

GLSA-200811-05 (http://security.gentoo.org/glsa/glsa-200811-05.xml)

http://www.redhat.com/support/errata/RHSA-2008-0546.html

FEDORA-2008-3864 (https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html)

SECUNIA-30828 (http://secunia.com/advisories/30828)

http://www.mandriva.com/security/advisories?name=MDVSA-2008:128

SREASON-3859 (http://securityreason.com/securityalert/3859)

http://www.redhat.com/support/errata/RHSA-2008-0582.html

USN-628-1 (http://www.ubuntu.com/usn/usn-628-1)

http://www.redhat.com/support/errata/RHSA-2008-0545.html

XF-php-generateseed-weak-security(42226) (https://exchange.xforce.ibmcloud.com/vulnerabilities/42226)

SECUNIA-31124 (http://secunia.com/advisories/31124)

SECUNIA-30967 (http://secunia.com/advisories/30967)

SECUNIA-31119 (http://secunia.com/advisories/31119)

http://www.mandriva.com/security/advisories?name=MDVSA-2008:129

SECUNIA-31200 (http://secunia.com/advisories/31200)

SECUNIA-30757 (http://secunia.com/advisories/30757)

http://www.redhat.com/support/errata/RHSA-2008-0544.html

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html

SECUNIA-35003 (http://secunia.com/advisories/35003)

http://www.mandriva.com/security/advisories?name=MDVSA-2008:125

http://www.redhat.com/support/errata/RHSA-2008-0505.html

http://www.mandriva.com/security/advisories?name=MDVSA-2008:130

http://www.mandriva.com/security/advisories?name=MDVSA-2008:126

20080506 Advisory SE-2008-02: PHP GENERATE_SEED() Weak Random Number Seed Vulnerability (http://www.securityfocus.com/archive/1/491683/100/0/threaded)

XF-php-generateseed-security-bypass(42284) (https://exchange.xforce.ibmcloud.com/vulnerabilities/42284)

http://www.mandriva.com/security/advisories?name=MDVSA-2008:127

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10644

DSA-1789 (http://www.debian.org/security/2009/dsa-1789)

Miscellaneous

http://www.sektioneins.de/advisories/SE-2008-02.txt

Rapid7

Technical Analysis