A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting.
References
Configurations
Configuration 1 (hide)
AND |
|
History
07 Nov 2023, 02:01
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2008-03-04 23:44
Updated : 2023-12-10 10:40
NVD link : CVE-2008-1147
Mitre link : CVE-2008-1147
CVE.ORG link : CVE-2008-1147
JSON object : View
Products Affected
openbsd
- openbsd
freebsd
- freebsd
apple
- mac_os_x
- mac_os_x_server
darwin
- darwin
netbsd
- netbsd
dragonflybsd
- dragonflybsd
cosmicperl
- directory_pro
navision
- financials_server
CWE