1. Home
  2. CVE Database
  3. CVE-2008-1147
MEDIUM · 6.8

CVE-2008-1147

A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through ...

Vulnerability Description

A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting.

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
AppleMac Os X10.0
AppleMac Os X Server10.0
DragonflybsdDragonflybsd1.0
FreebsdFreebsd4.4
NetbsdNetbsd1.6.2
OpenbsdOpenbsd2.6
CosmicperlDirectory Pro10.0.3
DarwinDarwin1.0
NavisionFinancials Server3.0

References

FAQ

What is CVE-2008-1147?

CVE-2008-1147 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through ...

How severe is CVE-2008-1147?

CVE-2008-1147 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-1147?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X, Apple Mac Os X Server, Dragonflybsd Dragonflybsd, Freebsd Freebsd, Netbsd Netbsd.