PT-2008-3624 · Php+1

Stefan Esser · Published 2008-05-07 · Updated 2024-02-15 · CVE-2008-2108

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PHP versions 4.x through 4.4.7
PHP versions 5.x through 5.2.4

Description

The issue arises from the GENERATE_SEED macro. On 64-bit systems it performs a multiplication whose result, because of insufficient precision, comes out of the conversion with a portion of its bits set to zero. The seed therefore carries only 24 bits of entropy, which simplifies brute-force attacks against protection mechanisms that rely on the rand and mt_rand functions.

Recommendations

For PHP versions 4.x through 4.4.7, update to version 4.4.8 or later.
For PHP versions 5.x through 5.2.4, update to version 5.2.5 or later.
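
The precision loss named in the Description can be reproduced with ordinary double arithmetic. The following is an added example, not PHP source or code from the advisory: it assumes the seed is a floating-point product converted to an integer and cut to 32 bits, and the product magnitudes are constructed sample inputs.

```python
import random

MASK32 = 0xFFFFFFFF  # assumption: the generator consumes a 32-bit seed


def seed_low32(product: float) -> int:
    """Convert a double-precision product to an integer and keep the low 32 bits."""
    return int(product) & MASK32


def forced_zero_bits(magnitude_bits: int, samples: int = 20000) -> int:
    """Count low-order seed bits that are zero for every product in [2^(n-1), 2^n]."""
    rng = random.Random(1)  # fixed so the run is repeatable
    base = 2.0 ** (magnitude_bits - 1)
    seen = 0
    for _ in range(samples):
        product = base * (1.0 + rng.random())  # constructed sample product
        seen |= seed_low32(product)
    if seen == 0:
        return 32
    # Index of the lowest bit that was ever set across all samples.
    return (seen & -seen).bit_length() - 1


def effective_seed_bits(magnitude_bits: int) -> int:
    """Upper bound on the bits of the 32-bit seed that can actually vary."""
    return 32 - forced_zero_bits(magnitude_bits)


if __name__ == "__main__":
    # A double has a 53-bit significand, so larger products have zeroed low bits.
    for n in (53, 57, 61, 64):
        print(f"product below 2^{n}: {forced_zero_bits(n)} forced-zero bits, "
              f"{effective_seed_bits(n)} seed bits can vary")
```

Products just under 2^61 leave 24 varying bits, which matches the entropy figure in the Description; a seed space that small is the reason the recommended upgrade matters for anything that derives tokens from rand or mt_rand.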

Related Identifiers

CVE-2008-2108
DSA-1789-1
RHSA-2008:0505
RHSA-2008:0544
RHSA-2008:0545
RHSA-2008:0546
RHSA-2008:0582
RHSA-2008_0544
RHSA-2008_0545

Affected Products

Php
Red Hat