Launchpad.net

CVE 2008-2107

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed.

Related bugs and status

CVE-2008-2107 (Candidate) is related to these bugs:

Bug #227464: Please roll out security fixes from PHP 5.2.6

		In	Importance	Status
227464	Please roll out security fixes from PHP 5.2.6	php5 (Ubuntu)	Undecided	Fix Released
227464	Please roll out security fixes from PHP 5.2.6	php5 (Debian)	Unknown	Fix Released
227464	Please roll out security fixes from PHP 5.2.6	Hardy Backports	Undecided	Invalid
227464	Please roll out security fixes from PHP 5.2.6	php5 (Ubuntu Hardy)	Undecided	Fix Released
227464	Please roll out security fixes from PHP 5.2.6	php5 (Ubuntu Dapper)	Undecided	Fix Released
227464	Please roll out security fixes from PHP 5.2.6	php5 (Ubuntu Feisty)	Undecided	Fix Released
227464	Please roll out security fixes from PHP 5.2.6	php5 (Ubuntu Gutsy)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

FULLDISC: 20080506 Advisory SE-2...
MISC: http://www.sektioneins...
FEDORA: FEDORA-2008-3606
FEDORA: FEDORA-2008-3864
REDHAT: RHSA-2008:0505
SUSE: SUSE-SR:2008:014
SECUNIA: 30757
SECUNIA: 30828
MANDRIVA: MDVSA-2008:125
MANDRIVA: MDVSA-2008:126
MANDRIVA: MDVSA-2008:127
MANDRIVA: MDVSA-2008:128
MANDRIVA: MDVSA-2008:129
MANDRIVA: MDVSA-2008:130
SECUNIA: 30967
REDHAT: RHSA-2008:0544
REDHAT: RHSA-2008:0545
REDHAT: RHSA-2008:0546
REDHAT: RHSA-2008:0582
UBUNTU: USN-628-1
SECUNIA: 31119
SECUNIA: 31124
SECUNIA: 31200
SREASON: 3859
DEBIAN: DSA-1789
SECUNIA: 35003
GENTOO: GLSA-200811-05
SECUNIA: 32746
XF: php-generateseed-weak-...
XF: php-generateseed-secur...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20080506 Advisory SE-2...