漏洞信息详情
PHP 数字错误漏洞
- CNNVD编号:CNNVD-200809-250
- 危害等级: 中危
- CVE编号: CVE-2008-4107
- 漏洞类型: 数字错误
- 发布时间: 2008-09-18
- 威胁类型: 远程
- 更新时间: 2009-01-29
- 厂 商: php
- 漏洞来源:
漏洞简介
PHP 5.2.6的(1) rand 和 (2) mt_rand 函数不能产生保密性强的随机数字,攻击者可以通过破解此类函数产生的安全防护功能来接触依赖此功能的产品,例如,Joomla! 1.5.x 和 WordPress 2.6.2之前版本中的password-reset功能。
漏洞公告
参考网址
来源: FEDORA
名称: FEDORA-2008-7902
链接:https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00629.HTML
来源: FEDORA
名称: FEDORA-2008-7760
链接:https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00607.HTML
来源: MISC 接:http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/
来源: MISC
链接:http://www.sektioneins.de/advisories/SE-2008-05.txt
来源: MISC
链接:http://www.sektioneins.de/advisories/SE-2008-04.txt
来源: MISC
链接:http://www.sektioneins.de/advisories/SE-2008-02.txt
来源: BID
名称: 31115
链接:http://www.securityfocus.com/bid/31115
来源: BUGTRAQ
名称: 20080911 Advisory 05/2008: Wordpress user_login Column SQL Truncation Vulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/496287/100/0/threaded
来源: BUGTRAQ
名称: 20080911 Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/496237/100/0/threaded
来源: MLIST
名称: [oss-security] 20080911 CVE request: wordpress <>
链接:http://www.openwall.com/lists/oss-security/2008/09/11/6
来源: VUPEN
名称: ADV-2008-2553
链接:http://www.frsirt.com/english/advisories/2008/2553
来源: wordpress.org接:http://wordpress.org/development/2008/09/wordpress-262/
来源: SECTRACK
名称: 1020869
链接:http://securitytracker.com/id?1020869
来源: SREASON
名称: 4271
链接:http://securityreason.com/securityalert/4271
来源: SECUNIA
名称: 31870
链接:http://secunia.com/advisories/31870
来源: SECUNIA
名称: 31737
链接:http://secunia.com/advisories/31737
来源: OSVDB
名称: 48700
链接:http://osvdb.org/48700
来源: MLIST
名称: [oss-security] 20080916 Re: CVE request: wordpress <>
链接:http://marc.info/?l=oss-security&m=122152830017099&w=2
受影响实体
- Php Php:4.4.7
- Php Php:4.4.6
- Php Php:4.4.5
- Php Php:4.4.4
- Php Php:4.4.3
补丁
暂无
评论