CVE-2008-2108 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-2108
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-2108

Description: The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/42226 UBUNTU http://www.ubuntu.com/usn/usn-628-1 SREASON http://securityreason.com/securityalert/3859 SAID Secunia Advisory: SA31124 Secunia Advisory: SA31200 Secunia Advisory: SA31119 Secunia Advisory: SA30828 Secunia Advisory: SA30757 Secunia Advisory: SA35003 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0582.html http://www.redhat.com/support/errata/RHSA-2008-0505.html http://www.redhat.com/support/errata/RHSA-2008-0544.html http://www.redhat.com/support/errata/RHSA-2008-0545.html http://www.redhat.com/support/errata/RHSA-2008-0546.html MISC http://www.sektioneins.de/advisories/SE-2008-02.txt MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:127 http://www.mandriva.com/security/advisories?name=MDVSA-2008:128 http://www.mandriva.com/security/advisories?name=MDVSA-2008:129 http://www.mandriva.com/security/advisories?name=MDVSA-2008:130 http://www.mandriva.com/security/advisories?name=MDVSA-2008:126 http://www.mandriva.com/security/advisories?name=MDVSA-2008:125 FULLDISC http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html FEDORA DEBIAN http://www.debian.org/security/2009/dsa-1789 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/491683/100/0/threaded

Return to the previous page.