Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.1
CVE Id CVE-2008-4107
Last Modified 29 Oct 2012 11:16:38
Published 18 Sep 2008 01:59:33
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2008-4107

Summary

The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x and WordPress before 2.6.2, a different vulnerability than CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102.

Vulnerable Systems

Application

  • PHP 4.0
  • PHP 4.0.0
  • PHP 4.0.1
  • PHP 4.0.2
  • PHP 4.0.3
  • PHP 4.0.4
  • PHP 4.0.5
  • PHP 4.0.6
  • PHP 4.0.7
  • PHP 4.1.0
  • PHP 4.1.1
  • PHP 4.1.2
  • PHP 4.1.3
  • PHP 4.2
  • PHP 4.2.0
  • PHP 4.2.1
  • PHP 4.2.2
  • PHP 4.2.3
  • PHP 4.2.4
  • PHP 4.3
  • PHP 4.3.1
  • PHP 4.3.10
  • PHP 4.3.11
  • PHP 4.3.2
  • PHP 4.3.3
  • PHP 4.3.4
  • PHP 4.3.5
  • PHP 4.3.6
  • PHP 4.3.7
  • PHP 4.3.8
  • PHP 4.3.9
  • PHP 4.4.0
  • PHP 4.4.1
  • PHP 4.4.2
  • PHP 4.4.3
  • PHP 4.4.4
  • PHP 4.4.5
  • PHP 4.4.6
  • PHP 4.4.7
  • PHP 4.4.8
  • PHP 5.0.0
  • PHP 5.0.1
  • PHP 5.0.4
  • PHP 5.0.5
  • PHP 5.1.0
  • PHP 5.1.2
  • PHP 5.1.4
  • PHP 5.1.5
  • PHP 5.1.6
  • PHP 5.2.0
  • PHP 5.2.1
  • PHP 5.2.2
  • PHP 5.2.3
  • PHP 5.2.4
  • PHP 5.2.5


References

FEDORA - FEDORA-2008-7902

FEDORA - FEDORA-2008-7760

VUPEN - ADV-2008-2553

MISC - http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/

MISC - http://www.sektioneins.de/advisories/SE-2008-05.txt

MISC - http://www.sektioneins.de/advisories/SE-2008-04.txt

MISC - http://www.sektioneins.de/advisories/SE-2008-02.txt

BID - 31115

BUGTRAQ - 20080911 Advisory 05/2008: Wordpress user_login Column SQL Truncation Vulnerability

BUGTRAQ - 20080911 Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability

MLIST - [oss-security] 20080911 CVE request: wordpress < 2.6.2

CONFIRM - http://wordpress.org/development/2008/09/wordpress-262/

SECTRACK - 1020869

SREASON - 4271

SECUNIA - 31870

SECUNIA - 31737

OSVDB - 48700

MLIST - [oss-security] 20080916 Re: CVE request: wordpress < 2.6.2

XF - php-rand-mtrand-weak-security(45956)


Last Updated: 27 May 2016 11:01:18