CVE-2008-2108

Published May 7, 2008

Last updated 9 months ago

Overview

Description: The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-331

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6C219FD-2507-491C-B38F-777D1A626FEC",
            "versionEndExcluding": "4.4.8",
            "versionStartIncluding": "4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77177C9F-D96D-4FA7-B8D4-079A4BF52546",
            "versionEndExcluding": "5.2.5",
            "versionStartIncluding": "5.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72E4DB7F-07C3-46BB-AAA2-05CD0312C57F"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "743CBBB1-C140-4FEF-B40E-FAE4511B1140"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Configurations

References