CVE-2010-1128

2010-03-2600:00:00

ubuntu.com

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS

0.009

Percentile

83.1%

JSON

The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not
provide the expected entropy, which makes it easier for context-dependent
attackers to guess values that were intended to be unpredictable, as
demonstrated by session cookies generated by using the uniqid function.

Notes

Author	Note
mdeslaur	also fixed in 5.3.2

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchphp5< 5.1.2-1ubuntu3.19UNKNOWN
ubuntu8.04noarchphp5< 5.2.4-2ubuntu5.12UNKNOWN
ubuntu9.04noarchphp5< 5.2.6.dfsg.1-3ubuntu4.6UNKNOWN
ubuntu9.10noarchphp5< 5.2.10.dfsg.1-2ubuntu6.5UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	php5	< 5.1.2-1ubuntu3.19	UNKNOWN
ubuntu	8.04	noarch	php5	< 5.2.4-2ubuntu5.12	UNKNOWN
ubuntu	9.04	noarch	php5	< 5.2.6.dfsg.1-3ubuntu4.6	UNKNOWN
ubuntu	9.10	noarch	php5	< 5.2.10.dfsg.1-2ubuntu6.5	UNKNOWN