PT-2008-3623 · Php+1 · Php+1

Stefan Esser

Publicado

2008-05-07

Atualizado

2018-10-11

CVE-2008-2107

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PHP versions 4.x through 4.4.7 PHP versions 5.x through 5.2.4

Description The issue concerns the GENERATE SEED macro, which can produce a zero seed under rare circumstances on 32-bit systems. This allows attackers to predict subsequent values of the rand and mt rand functions, potentially bypassing protection mechanisms that rely on an unknown initial seed.

Recommendations For PHP versions 4.x through 4.4.7, update to version 4.4.8 or later. For PHP versions 5.x through 5.2.4, update to version 5.2.5 or later.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-189

Identificadores relacionados

CVE-2008-2107

DSA-1789-1

RHSA-2008:0505

RHSA-2008:0544

RHSA-2008:0545

RHSA-2008:0546

RHSA-2008:0582

RHSA-2008_0544

RHSA-2008_0545

Produtos afetados

Php

Red Hat

PT-2008-3623 · Php+1 · Php+1

CVE-2008-2107

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 43