A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-03-04T23:00:00

Updated: 2024-08-07T08:08:57.697Z

Reserved: 2008-03-04T00:00:00

Link: CVE-2008-1147

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2008-03-04T23:44:00.000

Modified: 2024-11-21T00:43:47.333

Link: CVE-2008-1147

cve-icon Redhat

No data.