A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting.
Metrics
No CVSS v4.0
No CVSS v3.1
No CVSS v3.0
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
AV:N/AC:M/Au:N/C:P/I:P/A:P
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Apple |
|
Cosmicperl |
|
Darwin |
|
Dragonflybsd |
|
Freebsd |
|
Navision |
|
Netbsd |
|
Openbsd |
|
Configuration 1 [-]
AND |
|
No data.
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2008-03-04T23:00:00
Updated: 2024-08-07T08:08:57.697Z
Reserved: 2008-03-04T00:00:00
Link: CVE-2008-1147
Vulnrichment
No data.
NVD
Status : Modified
Published: 2008-03-04T23:44:00.000
Modified: 2024-11-21T00:43:47.333
Link: CVE-2008-1147
Redhat
No data.