The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727.
References
Link | Resource |
---|---|
http://blog.php-security.org/archives/80-Watching-the-PHP-CVS.html | Broken Link |
http://secunia.com/advisories/25306 | Third Party Advisory |
http://www.mandriva.com/security/advisories?name=MDKSA-2007:187 | Third Party Advisory |
http://www.novell.com/linux/security/advisories/2007_15_sr.html | Broken Link |
http://www.ubuntu.com/usn/usn-485-1 | Third Party Advisory |
http://secunia.com/advisories/26102 | Third Party Advisory |
http://secunia.com/advisories/26895 | Third Party Advisory |
http://www.vupen.com/english/advisories/2007/1839 | Third Party Advisory |
http://osvdb.org/36086 | Broken Link |
Information
Published : 2007-05-16 15:30
Updated : 2021-03-31 09:05
NVD link : CVE-2007-2728
Mitre link : CVE-2007-2728
JSON object : View
CWE
Products Affected
canonical
- ubuntu_linux
php
- php