Launchpad.net

CVE 2008-2108

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions.

Related bugs and status

CVE-2008-2108 (Candidate) is related to these bugs:

Bug #227464: Please roll out security fixes from PHP 5.2.6

		In	Importance	Status
227464	Please roll out security fixes from PHP 5.2.6	php5 (Ubuntu)	Undecided	Fix Released
227464	Please roll out security fixes from PHP 5.2.6	php5 (Debian)	Unknown	Fix Released
227464	Please roll out security fixes from PHP 5.2.6	Hardy Backports	Undecided	Invalid
227464	Please roll out security fixes from PHP 5.2.6	php5 (Ubuntu Hardy)	Undecided	Fix Released
227464	Please roll out security fixes from PHP 5.2.6	php5 (Ubuntu Dapper)	Undecided	Fix Released
227464	Please roll out security fixes from PHP 5.2.6	php5 (Ubuntu Feisty)	Undecided	Fix Released
227464	Please roll out security fixes from PHP 5.2.6	php5 (Ubuntu Gutsy)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

FULLDISC: 20080506 Advisory SE-2...
MISC: http://www.sektioneins...
FEDORA: FEDORA-2008-3606
FEDORA: FEDORA-2008-3864
REDHAT: RHSA-2008:0505
SECUNIA: 30757
SECUNIA: 30828
MANDRIVA: MDVSA-2008:125
MANDRIVA: MDVSA-2008:126
MANDRIVA: MDVSA-2008:127
MANDRIVA: MDVSA-2008:128
MANDRIVA: MDVSA-2008:129
MANDRIVA: MDVSA-2008:130
REDHAT: RHSA-2008:0544
REDHAT: RHSA-2008:0545
REDHAT: RHSA-2008:0546
REDHAT: RHSA-2008:0582
UBUNTU: USN-628-1
SECUNIA: 31119
SECUNIA: 31124
SECUNIA: 31200
SREASON: 3859
DEBIAN: DSA-1789
SECUNIA: 35003
GENTOO: GLSA-200811-05
SECUNIA: 32746
XF: php-generateseed-weak-...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20080506 Advisory SE-2...