CVE-2008-2107

PHP 4.x < 4.4.8 and 5.x < 5.2.5 - Predictable Seed Generation in GENERATE_SEED Macro

Title source: llm
STIX 2.1

Description

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed.

References (32)

Core 32
Core References
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:128
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:129
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:130
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:127
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32746
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200811-05.xml
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0546.html
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30828
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3859
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0582.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-628-1
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0545.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42226
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31124
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30967
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31119
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31200
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30757
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0544.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35003
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:125
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0505.html
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:126
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/491683/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42284
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10644
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1789

Scores

EPSS 0.0309
EPSS Percentile 87.0%

Details

CWE
CWE-189
Status published
Products (20)
php/php 5
php/php 5.0.0 beta1 (6 CPE variants)
php/php 5.0.1
php/php 5.0.2
php/php 5.0.3
php/php 5.0.4
php/php 5.0.5
php/php 5.1.0
php/php 5.1.1
php/php 5.1.2
... and 10 more
Published May 07, 2008
Tracked Since Feb 18, 2026