PublicDate: 2008-05-07 21:20:00 UTC
Candidate: CVE-2008-2107
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2107
 https://ubuntu.com/security/notices/USN-628-1
Description:
 The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to: jdstrand
CVSS:

Patches_php5:
 vendor: http://www.mandriva.com/security/advisories?name=MDVSA-2008:125
upstream_php5: released (5.2.5)
dapper_php5: released (5.1.2-1ubuntu3.12)
feisty_php5: released (5.2.1-0ubuntu1.6)
gutsy_php5: released (5.2.3-1ubuntu6.4)
hardy_php5: released (5.2.4-2ubuntu5.3)
devel_php5: not-affected (5.2.6-1ubuntu1)