Bug 462772 (CVE-2008-4107) - CVE-2008-4107 PHP: insecure random numbers
Summary: CVE-2008-4107 PHP: insecure random numbers
Alias: CVE-2008-4107
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://nvd.nist.gov/nvd.cfm?cvename=C...
Depends On:
TreeView+ depends on / blocked
Reported: 2008-09-18 19:31 UTC by Josh Bressers
Modified: 2019-09-29 12:26 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2008-09-30 08:09:28 UTC

Attachments (Terms of Use)

Description Josh Bressers 2008-09-18 19:31:58 UTC
The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce
cryptographically strong random numbers, which allows attackers to
leverage exposures in products that rely on these functions for
security-relevant functionality, as demonstrated by the password-reset
functionality in Joomla! 1.5.x and WordPress before 2.6.2, a different
vulnerability than CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102.

Note, wordpress 2.6.2 has been pushed for Fedora 8 and 9

Comment 1 Josh Bressers 2008-09-26 20:13:59 UTC
This blog entry explains this problem in more details:

The bits that are relevant to PHP are this:

    Implementation Bugs

    In PHP 4 and PHP <= 5.2.5 the automatic seed of rand() and mt_srand() is
    buggy. Whenever the lowest 26 bits of the timestamp are zero the internal
    seed will become zero (or 1 due to the forced bit) on 32 bit systems
    because of an overflow of the 32 bit register. On 64 bit systems there is
    a precision loss when the seed is casted from a double to int that results
    in a seed about 24 bit strong.

Comment 2 Josh Bressers 2008-09-26 20:21:44 UTC
So this is obviously not ideal, but I question if it's worth fixing this in our old versions of PHP.  We risk screwing up something else as doing random numbers properly is very hard to do.  The lowest 26 bits of the timestamp are all zero for one second about once per year (slightly more).

This is an extremely small window of opportunity, and that presumes that a remote attacker can cause PHP to seed at exactly that moment, which is unlikely.

For affected versions of PHP, we will WONTFIX this bug.

Comment 3 Tomas Hoger 2008-09-30 08:09:28 UTC
Wordpress upstream announcement related to weak random number generator:

(Marking bug closed based on comment #2)

Note You need to log in before you can comment on or make changes to this bug.