A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting.
References
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2008-03-04 23:44
Updated : 2024-02-04 17:13
NVD link : CVE-2008-1147
Mitre link : CVE-2008-1147
CVE.ORG link : CVE-2008-1147
JSON object : View
Products Affected
cosmicperl
- directory_pro
apple
- mac_os_x_server
- mac_os_x
netbsd
- netbsd
openbsd
- openbsd
darwin
- darwin
dragonflybsd
- dragonflybsd
freebsd
- freebsd
navision
- financials_server
CWE