CVE-2008-4107

Published: 18/09/2008 Updated: 30/10/2018
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
VMScore: 454
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows malicious users to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x and WordPress prior to 2.6.2, a different vulnerability than CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102.

Vulnerable Product

php php 4.4.7

php php 4.3.9

php php 4.3.8

php php 4.3.11

php php 4.3.10

php php 4.2.1

php php 4.0

php php 4.0.4

php php 4.0.3

php php 4.4.6

php php 4.4.5

php php 4.3.7

php php 4.3.6

php php 4.3.1

php php 4.3.0

php php 4.1.0

php php 4.1.2

php php 4.0.7

php php 4.0.2

php php 4.0.1

php php 4.4.1

php php 4.4.0

php php 4.3.3

php php 4.3.2

php php 4.2.3

php php 4.2.2

php php 4.0.6

php php 4.0.5

php php 4.0.0

php php

php php 4.4.4

php php 4.4.3

php php 4.4.2

php php 4.3.5

php php 4.3.4

php php 4.2

php php 4.2.0

php php 4.1.1

php php 5.2.4

php php 5.2.2

php php 5.1.4

php php 5.1.2

php php 5.0.0

php php 5.2.0

php php 5.2.3

php php 5.1.0

php php 5.0.5

php php 5.1.6

php php 5.1.5

php php 5.2.1

php php 5.0.4

php php 5.0.1

Vendor Advisories

Debian Bug report logs - #500087 CVE-2008-4107: The rand and mt_rand functions in PHP produce weak random numbers. Package: php5; Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>; Source for php5 is src:php5. Reported by: Stefan Fritsch <sf@sfritsch.de> Date: W ...

Debian Bug report logs - #500115 CVE-2008-4106: WordPress allows remote attackers to change an arbitrary user's password to a random value. Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debian.org>; Source for wordpress is src:wordpress. Reported by: Stefan Fritsch <sf@sfritschde ...