CVE-2008-1147 - CVE Reference - Advisories

CVE Reference: CVE-2008-1147

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-1147

Description: A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/40329 http://xforce.iss.net/xforce/xfdb/41155 SAID Secunia Advisory: SA28819 MISC http://www.securiteam.com/securityreviews/5PP0H0UNGW.html http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf CONFIRM http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_id.c?rev=1.10;contenttype= BUGTRAQ http://seclists.org/bugtraq/2008/Feb/0063.html http://seclists.org/bugtraq/2008/Feb/0052.html http://www.securityfocus.com/archive/1/487658 BID 27647

Return to the previous page.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Mozilla Firefox Multiple Vulnerabilities

2.	PCRE pcre_compile.c Buffer Overflow Vulnerability

3.	VLC Media Player WAV Processing Integer Overflow

4.	Opera for Windows Unspecified Code Execution

5.	GNOME Glib PCRE pcre_compile.c Buffer Overflow Vulnerability

6.	Mozilla Thunderbird Multiple Vulnerabilities

7.	Novell eDirectory ds.dlm Module Buffer Overflow

8.	UnixWare ReliantHA Privilege Escalation Vulnerabilities

9.	Fedora update for glib2

10.	AOL Radio AOLMediaPlaybac kControl.exe Buffer Overflow Vulnerability