A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting.
References
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2008-03-04 15:44
Updated : 2017-08-07 18:29
NVD link : CVE-2008-1147
Mitre link : CVE-2008-1147
JSON object : View
CWE
Products Affected
apple
- mac_os_x_server
- mac_os_x
navision
- financials_server
netbsd
- netbsd
darwin
- darwin
dragonflybsd
- dragonflybsd
freebsd
- freebsd
openbsd
- openbsd
cosmicperl
- directory_pro