674709: CVE-2011-0755 php: mt_rand() does not check that max is greater than min

The MITRE CVE dictionary describes this issue as:

Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax.

Find out more about CVE-2011-0755 from the MITRE CVE dictionary and NIST NVD.


Red Hat does not consider this flaw to be a security issue, because the arguments passed to the mt_rand function are under the full control of the script author. No trust boundary is crossed.

This flaw exists in the php53 packages as shipped in Red Hat Enterprise Linux 5 and in the php packages as shipped in Red Hat Enterprise Linux 6.
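As an added illustration of the two conditions named above (a model written for this page, not code from PHP or Red Hat): a C sketch of the range-scaling step, assumed to mirror the shape of PHP's RAND_RANGE macro, showing that a max below min is silently accepted and that a range wider than mt_getrandmax() leaves the low-order bits of every result fixed, beside the max < min check the 5.3.4 fix added. MT_RAND_MAX, the stride and the sample ranges are constructed for the demonstration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumption: PHP's mt_rand() stretched the 31-bit generator output n onto
 * [min, max] with a floating-point scaling step of this shape (modelled on
 * the RAND_RANGE macro; this is a stand-alone model, not PHP's source). */
#define MT_RAND_MAX 0x7FFFFFFFLL            /* what mt_getrandmax() reports */

/* Pre-5.3.4 behaviour: the arguments are used without any validation. */
static int64_t scale_unchecked(int64_t n, int64_t min, int64_t max)
{
    double range = (double)max - (double)min + 1.0;
    return min + (int64_t)(range * ((double)n / (MT_RAND_MAX + 1.0)));
}

/* Hardened form matching the 5.3.4 change: refuse max < min instead of
 * scaling with a negative range. Returns false where PHP returns FALSE. */
static bool scale_checked(int64_t n, int64_t min, int64_t max, int64_t *out)
{
    if (max < min)
        return false;
    *out = scale_unchecked(n, min, max);
    return true;
}

/* How many low-order bits of (result - min) stay zero when the requested
 * range is wider than MT_RAND_MAX + 1: the generator has only 2^31 distinct
 * outputs, so a range of 2^(31+k) can only hit every 2^k-th value.
 * Samples the generator's output space rather than walking all of it. */
static int fixed_low_bits(int64_t min, int64_t max)
{
    int64_t seen = 0;
    for (int64_t n = 0; n <= MT_RAND_MAX; n += 1000003)   /* odd stride, constructed */
        seen |= scale_unchecked(n, min, max) - min;
    int k = 0;
    while (k < 63 && !((seen >> k) & 1))
        k++;
    return k;
}

int main(void)
{
    int64_t out;
    printf("mt_rand(10, 5) unchecked, largest generator output -> %lld\n",
           (long long)scale_unchecked(MT_RAND_MAX, 10, 5));   /* 7: above max */
    printf("checked rejects max < min: %s\n", scale_checked(0, 10, 5, &out) ? "no" : "yes");
    printf("fixed low bits, max = mt_getrandmax(): %d\n", fixed_low_bits(0, MT_RAND_MAX));
    printf("fixed low bits, max = 2^41 - 1:        %d\n", fixed_low_bits(0, (1LL << 41) - 1));
    return 0;
}
```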

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score: 2.6
Base Metrics: AV:N/AC:H/Au:N/C:N/I:P/A:N
Access Vector: Network
Access Complexity: High
Authentication: None
Confidentiality Impact: None
Integrity Impact: Partial
Availability Impact: None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Affected Packages State

Platform                    Package  State
Red Hat Enterprise Linux 6  php      Affected
Red Hat Enterprise Linux 5  php      Under investigation
Red Hat Enterprise Linux 5  php53    Affected
Red Hat Enterprise Linux 4  php      Under investigation

CVE description copyright © 2017, The MITRE Corporation