Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2007-2727
PUBLISHED
More InfoOfficial Page
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
View Known Exploited Vulnerability (KEV) details
Published At-16 May, 2007 | 22:00
Updated At-07 Aug, 2024 | 13:49
Rejected At-
▼CVE Numbering Authority (CNA)

The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt certain data more easily because of the guessable encryption keys.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/23984
vdb-entry
x_refsource_BID
http://www.fortheloot.com/public/mcrypt.patch
x_refsource_MISC
http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/mcrypt.c?r1=1.91.2.3.2.9&r2=1.91.2.3.2.10
x_refsource_CONFIRM
http://blog.php-security.org/archives/80-Watching-the-PHP-CVS.html
x_refsource_MISC
http://www.php.net/ChangeLog-5.php
x_refsource_CONFIRM
http://bugs.php.net/bug.php?id=40999
x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDKSA-2007:187
vendor-advisory
x_refsource_MANDRIVA
http://secunia.com/advisories/26895
third-party-advisory
x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2007_15_sr.html
vendor-advisory
x_refsource_SUSE
http://osvdb.org/36087
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.securityfocus.com/bid/23984
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.fortheloot.com/public/mcrypt.patch
Resource:
x_refsource_MISC
Hyperlink: http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/mcrypt.c?r1=1.91.2.3.2.9&r2=1.91.2.3.2.10
Resource:
x_refsource_CONFIRM
Hyperlink: http://blog.php-security.org/archives/80-Watching-the-PHP-CVS.html
Resource:
x_refsource_MISC
Hyperlink: http://www.php.net/ChangeLog-5.php
Resource:
x_refsource_CONFIRM
Hyperlink: http://bugs.php.net/bug.php?id=40999
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2007:187
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://secunia.com/advisories/26895
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.novell.com/linux/security/advisories/2007_15_sr.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://osvdb.org/36087
Resource:
vdb-entry
x_refsource_OSVDB
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/23984
vdb-entry
x_refsource_BID
x_transferred
http://www.fortheloot.com/public/mcrypt.patch
x_refsource_MISC
x_transferred
http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/mcrypt.c?r1=1.91.2.3.2.9&r2=1.91.2.3.2.10
x_refsource_CONFIRM
x_transferred
http://blog.php-security.org/archives/80-Watching-the-PHP-CVS.html
x_refsource_MISC
x_transferred
http://www.php.net/ChangeLog-5.php
x_refsource_CONFIRM
x_transferred
http://bugs.php.net/bug.php?id=40999
x_refsource_CONFIRM
x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2007:187
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://secunia.com/advisories/26895
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.novell.com/linux/security/advisories/2007_15_sr.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://osvdb.org/36087
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.securityfocus.com/bid/23984
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.fortheloot.com/public/mcrypt.patch
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/mcrypt.c?r1=1.91.2.3.2.9&r2=1.91.2.3.2.10
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://blog.php-security.org/archives/80-Watching-the-PHP-CVS.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.php.net/ChangeLog-5.php
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://bugs.php.net/bug.php?id=40999
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2007:187
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://secunia.com/advisories/26895
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.novell.com/linux/security/advisories/2007_15_sr.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://osvdb.org/36087
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Details not found