The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2008-05-07T21:00:00
Updated: 2024-08-07T08:49:57.969Z
Reserved: 2008-05-07T00:00:00
Link: CVE-2008-2107
Vulnrichment
No data.
NVD
Status : Modified
Published: 2008-05-07T21:20:00.000
Modified: 2018-10-11T20:39:23.687
Link: CVE-2008-2107
Redhat