Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1147

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-1147
Last Modified 05 Sep 2008 05:36:56
Published 04 Mar 2008 06:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1147

Summary

A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting.

Vulnerable Systems

Application

  • Cosmicperl Directory Pro 10.0.3

  • Darwin 1.0

  • Darwin 9.1

  • Navision Financials Server 3.0


References

MISC - http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf

BID - 27647

BUGTRAQ - 20080206 A paper by Amit Klein (Trusteer): "OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability"

MISC - http://www.securiteam.com/securityreviews/5PP0H0UNGW.html

CONFIRM - http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_id.c?rev=1.10;contenttype=

SECUNIA - 28819

BUGTRAQ - 20080206 RE: A paper by Amit Klein (Trusteer): "OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability"

BUGTRAQ - 20080206 Re: A paper by Amit Klein (Trusteer): "OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability"

XF - openbsd-xor-weak-security(41155)

XF - openbsd-prng-dns-spoofing(40329)


Last Updated: 27 May 2016 10:47:02