Vulnerability Description
The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x and WordPress before 2.6.2, a different vulnerability than CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102.
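The following is an added example, not code from the CVE record, PHP, Joomla!, WordPress or the referenced advisories. It shows the failure mode the description refers to: a password-reset token derived from mt_rand() is a pure function of a 32-bit seed, so an attacker who can bound the seed (here, assumed to be the request timestamp, a common pattern in 2008-era code) can enumerate it and reproduce the token. The hardened variant uses random_bytes() (PHP 7+, an assumption about the deployment target) and a constant-time comparison. The timestamp and token layout are constructed for the demo.

```php
<?php
// Added example (not from the CVE record or the referenced advisories).
// Hypothetical password-reset code of the kind CVE-2008-4107 describes:
// the token is derived from mt_rand(), whose entire output sequence is
// fixed by a 32-bit seed. Seeding from the request time is assumed here.

function weakResetToken(int $seed): string {
    mt_srand($seed);                      // 32-bit seed: the sequence is now fully determined
    return md5((string) mt_rand());       // looks random, but is a pure function of $seed
}

// Attacker model: the reset mail arrived within a known time window, so the
// seed lies in a small range. Enumerate the range and compare tokens.
function recoverSeed(string $observedToken, int $windowStart, int $windowEnd): ?int {
    for ($s = $windowStart; $s <= $windowEnd; $s++) {
        if (hash_equals($observedToken, weakResetToken($s))) {
            return $s;                    // seed found: attacker can mint the victim's token
        }
    }
    return null;
}

// Hardened form: token from the OS CSPRNG, verified with a constant-time compare.
// random_bytes() requires PHP 7 or later (assumption about the deployment target).
function strongResetToken(): string {
    return bin2hex(random_bytes(16));     // 128 bits of CSPRNG output, hex-encoded
}

function verifyToken(string $stored, string $presented): bool {
    return hash_equals($stored, $presented);
}

// Demo with a constructed scenario: the victim requested a reset at $victimTime.
$victimTime = 1221139200;                 // constructed timestamp, not from a real incident
$token      = weakResetToken($victimTime);
$recovered  = recoverSeed($token, $victimTime - 3600, $victimTime + 3600);
printf("weak token %s reproduced from seed %s\n", $token, var_export($recovered, true));
// $recovered === $victimTime: the attacker now holds the victim's reset token

$strong = strongResetToken();
printf("strong token %s, self-verify=%s\n", $strong, var_export(verifyToken($strong, $strong), true));
```

Two caveats when running this. First, the numeric output of mt_rand() for a given seed changed in PHP 7.1 (the Mersenne Twister implementation was corrected), so the token values differ across PHP versions, but the determinism that makes the seed recoverable holds on every version. Second, an explicit mt_srand() is not required for the attack: PHP's automatic seed is also 32 bits, so with a few observed outputs the whole seed space can be searched offline; the one-hour window above only makes the demo finish in a second.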
CVSS Score
5.1 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PHP | PHP | <= 4.4.8 |

Note that the version range recorded here (<= 4.4.8) is narrower than the description, which names PHP 5.2.6; when auditing, treat code that derives security tokens from rand() or mt_rand() as exposed regardless of the exact PHP release.
Related Weaknesses (CWE)
References
- http://marc.info/?l=oss-security&m=122152830017099&w=2
- http://osvdb.org/48700
- http://secunia.com/advisories/31737 (Vendor Advisory)
- http://secunia.com/advisories/31870 (Vendor Advisory)
- http://securityreason.com/securityalert/4271
- http://securitytracker.com/id?1020869
- http://wordpress.org/development/2008/09/wordpress-262/
- http://www.openwall.com/lists/oss-security/2008/09/11/6
- http://www.securityfocus.com/archive/1/496237/100/0/threaded
- http://www.securityfocus.com/archive/1/496287/100/0/threaded
- http://www.securityfocus.com/bid/31115
- http://www.sektioneins.de/advisories/SE-2008-02.txt
- http://www.sektioneins.de/advisories/SE-2008-04.txt
- http://www.sektioneins.de/advisories/SE-2008-05.txt
- http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/
FAQ
What is CVE-2008-4107?
CVE-2008-4107 is a vulnerability with a CVSS score of 5.1 (MEDIUM). The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x and WordPress before 2.6.2.
How severe is CVE-2008-4107?
CVE-2008-4107 has been rated MEDIUM with a CVSS base score of 5.1/10. The practical impact depends on how the affected application uses the random values: where a reset token, session identifier or similar secret is derived from rand() or mt_rand(), the token can be predicted or recovered, which is an account-takeover condition rather than a medium-severity one in that deployment.
Is there a patch for CVE-2008-4107?
Check the references section above for vendor advisories and patch information. The affected product is PHP itself; the advisories for Joomla! and WordPress 2.6.2 address the application-side use of the weak functions for password resets. As a check, audit code for rand(), mt_rand(), mt_srand() and srand() in any path that produces a security token and replace them with a CSPRNG source (random_bytes() or random_int() on PHP 7+, or openssl_random_pseudo_bytes() on older releases).