Description
The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727. Note: The PHP team argue that this is not a valid security issue.
References (9)
Core 9
Core References
Third Party Advisory third-party-advisory
http://secunia.com/advisories/25306
Third Party Advisory vdb-entry
http://www.vupen.com/english/advisories/2007/1839
Third Party Advisory vendor-advisory
http://www.ubuntu.com/usn/usn-485-1
Third Party Advisory vendor-advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:187
Third Party Advisory third-party-advisory
http://secunia.com/advisories/26895
Third Party Advisory third-party-advisory
http://secunia.com/advisories/26102
Broken Link vdb-entry
http://osvdb.org/36086
Broken Link vendor-advisory
http://www.novell.com/linux/security/advisories/2007_15_sr.html
Scores
EPSS
0.0126
EPSS Percentile
79.7%
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
Status
published
Products (4)
canonical/ubuntu_linux
6.06
canonical/ubuntu_linux
6.10
canonical/ubuntu_linux
7.04
php/php
Published
May 16, 2007
Tracked Since
Feb 18, 2026