CVE-2007-2727
Vulnerability from cvelistv5
Published
2007-05-16 22:00
Modified
2024-08-07 13:49
Severity ?
EPSS score ?
Summary
The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt certain data more easily because of the guessable encryption keys.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://blog.php-security.org/archives/80-Watching-the-PHP-CVS.html | Vendor Advisory | |
| cve@mitre.org | http://bugs.php.net/bug.php?id=40999 | Vendor Advisory | |
| cve@mitre.org | http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/mcrypt.c?r1=1.91.2.3.2.9&r2=1.91.2.3.2.10 | Vendor Advisory | |
| cve@mitre.org | http://osvdb.org/36087 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/26895 | Broken Link | |
| cve@mitre.org | http://www.fortheloot.com/public/mcrypt.patch | Exploit, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2007:187 | Broken Link | |
| cve@mitre.org | http://www.novell.com/linux/security/advisories/2007_15_sr.html | Third Party Advisory | |
| cve@mitre.org | http://www.php.net/ChangeLog-5.php | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/23984 | Third Party Advisory, VDB Entry |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:49:57.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23984",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23984"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fortheloot.com/public/mcrypt.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/mcrypt.c?r1=1.91.2.3.2.9\u0026r2=1.91.2.3.2.10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.php-security.org/archives/80-Watching-the-PHP-CVS.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.php.net/bug.php?id=40999"
},
{
"name": "MDKSA-2007:187",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:187"
},
{
"name": "26895",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26895"
},
{
"name": "SUSE-SR:2007:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"name": "36087",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36087"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt certain data more easily because of the guessable encryption keys."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-08-09T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23984",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23984"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fortheloot.com/public/mcrypt.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/mcrypt.c?r1=1.91.2.3.2.9\u0026r2=1.91.2.3.2.10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.php-security.org/archives/80-Watching-the-PHP-CVS.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.php.net/bug.php?id=40999"
},
{
"name": "MDKSA-2007:187",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:187"
},
{
"name": "26895",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26895"
},
{
"name": "SUSE-SR:2007:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"name": "36087",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36087"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2727",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt certain data more easily because of the guessable encryption keys."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23984",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23984"
},
{
"name": "http://www.fortheloot.com/public/mcrypt.patch",
"refsource": "MISC",
"url": "http://www.fortheloot.com/public/mcrypt.patch"
},
{
"name": "http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/mcrypt.c?r1=1.91.2.3.2.9\u0026r2=1.91.2.3.2.10",
"refsource": "CONFIRM",
"url": "http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/mcrypt.c?r1=1.91.2.3.2.9\u0026r2=1.91.2.3.2.10"
},
{
"name": "http://blog.php-security.org/archives/80-Watching-the-PHP-CVS.html",
"refsource": "MISC",
"url": "http://blog.php-security.org/archives/80-Watching-the-PHP-CVS.html"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "http://bugs.php.net/bug.php?id=40999",
"refsource": "CONFIRM",
"url": "http://bugs.php.net/bug.php?id=40999"
},
{
"name": "MDKSA-2007:187",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:187"
},
{
"name": "26895",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26895"
},
{
"name": "SUSE-SR:2007:015",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"name": "36087",
"refsource": "OSVDB",
"url": "http://osvdb.org/36087"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2727",
"datePublished": "2007-05-16T22:00:00",
"dateReserved": "2007-05-16T00:00:00",
"dateUpdated": "2024-08-07T13:49:57.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2007-2727\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-05-16T22:30:00.000\",\"lastModified\":\"2022-11-07T15:05:12.380\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt certain data more easily because of the guessable encryption keys.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n mcrypt_create_iv en ext/mcrypt/mcrypt.c en PHP anterior a 4.4.7, 5.2.1, y posiblemente 5.0.x y otras versiones PHP 5, llaman a php_rand_r con una variable de cabeza de serie no inicializada y por lo tanto siempre genera el mismo vector de inicializaci\u00f3n (IV), lo cual podr\u00eda permitir a atacantes dependientes del contexto desencriptar ciertos datos m\u00e1s f\u00e1cilmente debido a que las claves de cifrado son m\u00e1s f\u00e1ciles de adivinar.\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5, or Red Hat\\nApplication Stack 1, or 2, as the packages shipped are not compiled with the mcrypt extension affected by this issue.\\n\",\"lastModified\":\"2008-06-26T00:00:00\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":2.6},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.4.0\",\"versionEndExcluding\":\"4.4.7\",\"matchCriteriaId\":\"59EC31C2-497E-42A9-BC39-C33C015BA461\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndExcluding\":\"5.2.2\",\"matchCriteriaId\":\"91370F42-4EA1-445E-913F-34F473CB1905\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78BAA18C-E5A0-4210-B64B-709BBFF31EEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"419867C6-37BE-43B4-BFE0-6325FEE3807D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*\",\"matchCriteriaId\":\"37896E87-95C2-4039-8362-BC03B1C56706\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13A159B4-B847-47DE-B7F8-89384E6C551B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57B59616-A309-40B4-94B1-50A7BC00E35C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8667FBC6-04B6-40E5-93B3-6C22BEED4B26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F39A1B1-416E-4436-8007-733B66904A14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD5FC218-3DDB-4981-81C9-6C69F8DA6F4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC2E5F96-66D2-4F99-A74D-6A2305EE218E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D724D09-0D45-4701-93C9-348301217C8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC6A6F47-5C7C-4F82-B23B-9C959C69B27F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE1A4DA6-6181-43A8-B0D8-5A016C3E75FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E36203C-1392-49BB-AE7E-49626963D673\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6713614A-B14E-4A85-BF89-ED780068FC68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD95F8EB-B428-4B3C-9254-A5DECE03A989\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"069EB7EE-06B9-454F-9007-8DE5DCA33C53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18BF5BE6-09EA-45AD-93BF-2BEF1742534E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC1460DF-1687-4314-BF1A-01290B20302D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"470380B0-3982-48FC-871B-C8B43C81900D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FAA7712-10F0-4BB6-BAFB-D0806AFD9DE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63190D9B-7958-4B93-87C6-E7D5A572F6DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AB2E2E8-81D6-4973-AC0F-AA644EE99DD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AAF4586-74FF-47C6-864B-656FDF3F33D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B14EF0C7-61F2-47A4-B7F8-43FF03C62DCA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5245F990-B4A7-4ED8-909D-B8137CE79FAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5652D5B0-68E4-4239-B9B7-599AFCF4C53E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57B71BB7-5239-4860-9100-8CABC3992D8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72BD447A-4EED-482C-8F61-48FAD4FCF8BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3F9DF9D-15E5-4387-ABE3-A7583331A928\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11579E5C-D7CF-46EE-B015-5F4185C174E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C69CDE21-2FD4-4529-8F02-8709CF5E3D7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"221B9AC4-C63C-4386-B3BD-E4BC102C6124\"}]}]}],\"references\":[{\"url\":\"http://blog.php-security.org/archives/80-Watching-the-PHP-CVS.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://bugs.php.net/bug.php?id=40999\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/mcrypt.c?r1=1.91.2.3.2.9\u0026r2=1.91.2.3.2.10\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://osvdb.org/36087\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/26895\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.fortheloot.com/public/mcrypt.patch\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2007:187\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.novell.com/linux/security/advisories/2007_15_sr.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.php.net/ChangeLog-5.php\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/23984\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.