Bug 462772 - (CVE-2008-4107) CVE-2008-4107 PHP: insecure random numbers
CVE-2008-4107 PHP: insecure random numbers
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On:
  Show dependency treegraph
Reported: 2008-09-18 15:31 EDT by Josh Bressers
Modified: 2009-04-15 04:14 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-09-30 04:09:28 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Josh Bressers 2008-09-18 15:31:58 EDT
The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce
cryptographically strong random numbers, which allows attackers to
leverage exposures in products that rely on these functions for
security-relevant functionality, as demonstrated by the password-reset
functionality in Joomla! 1.5.x and WordPress before 2.6.2, a different
vulnerability than CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102.

Note, wordpress 2.6.2 has been pushed for Fedora 8 and 9
Comment 1 Josh Bressers 2008-09-26 16:13:59 EDT
This blog entry explains this problem in more details:

The bits that are relevant to PHP are this:

    Implementation Bugs

    In PHP 4 and PHP <= 5.2.5 the automatic seed of rand() and mt_srand() is
    buggy. Whenever the lowest 26 bits of the timestamp are zero the internal
    seed will become zero (or 1 due to the forced bit) on 32 bit systems
    because of an overflow of the 32 bit register. On 64 bit systems there is
    a precision loss when the seed is casted from a double to int that results
    in a seed about 24 bit strong.
Comment 2 Josh Bressers 2008-09-26 16:21:44 EDT
So this is obviously not ideal, but I question if it's worth fixing this in our old versions of PHP.  We risk screwing up something else as doing random numbers properly is very hard to do.  The lowest 26 bits of the timestamp are all zero for one second about once per year (slightly more).

This is an extremely small window of opportunity, and that presumes that a remote attacker can cause PHP to seed at exactly that moment, which is unlikely.

For affected versions of PHP, we will WONTFIX this bug.
Comment 3 Tomas Hoger 2008-09-30 04:09:28 EDT
Wordpress upstream announcement related to weak random number generator:

(Marking bug closed based on comment #2)

Note You need to log in before you can comment on or make changes to this bug.