Red Hat Bugzilla – Bug 462772
CVE-2008-4107 PHP: insecure random numbers
Last modified: 2009-04-15 04:14:01 EDT
The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce
cryptographically strong random numbers, which allows attackers to
leverage exposures in products that rely on these functions for
security-relevant functionality, as demonstrated by the password-reset
functionality in Joomla! 1.5.x and WordPress before 2.6.2, a different
vulnerability than CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102.
Note, wordpress 2.6.2 has been pushed for Fedora 8 and 9
This blog entry explains this problem in more details:
The bits that are relevant to PHP are this:
In PHP 4 and PHP <= 5.2.5 the automatic seed of rand() and mt_srand() is
buggy. Whenever the lowest 26 bits of the timestamp are zero the internal
seed will become zero (or 1 due to the forced bit) on 32 bit systems
because of an overflow of the 32 bit register. On 64 bit systems there is
a precision loss when the seed is casted from a double to int that results
in a seed about 24 bit strong.
So this is obviously not ideal, but I question if it's worth fixing this in our old versions of PHP. We risk screwing up something else as doing random numbers properly is very hard to do. The lowest 26 bits of the timestamp are all zero for one second about once per year (slightly more).
This is an extremely small window of opportunity, and that presumes that a remote attacker can cause PHP to seed at exactly that moment, which is unlikely.
For affected versions of PHP, we will WONTFIX this bug.
Wordpress upstream announcement related to weak random number generator:
(Marking bug closed based on comment #2)