History: Mar 04, 2008 - 11:44 p.m.

CVE-2008-1147

2008-03-04 23:44:00
web.nvd.nist.gov
cve-2008-1147
prng
xor
2-bit random hops
openbsd
mac os x
freebsd
dragonflybsd
remote attackers
ip fragmentation ids
tcp packets
os fingerprinting
nvd

CVSS2: 6.8 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score: 6.9 Medium (Confidence: Low)
EPSS: 0.015 Low (Percentile: 87.0%)

A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka “Algorithm X2”), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting.

Affected configurations

NVD
Node (any of the following, OR):

apple mac_os_x: 10.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.1, 10.1.1, 10.1.2, 10.1.3, 10.1.4, 10.1.5, 10.2, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 10.2.5, 10.2.6, 10.2.7, 10.2.8, 10.3, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, 10.3.6, 10.3.7, 10.3.8, 10.3.9, 10.4, 10.4.1, 10.4.2, 10.4.3, 10.4.4, 10.4.5, 10.4.6, 10.4.7, 10.4.8, 10.4.9, 10.4.10, 10.4.11, 10.5, 10.5.1

apple mac_os_x_server: 10.0, 10.1, 10.1.1, 10.1.2, 10.1.3, 10.1.4, 10.1.5, 10.2, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 10.2.5, 10.2.6, 10.2.7, 10.2.8, 10.3, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, 10.3.6, 10.3.7, 10.3.8, 10.3.9, 10.4, 10.4.1, 10.4.2, 10.4.3, 10.4.4, 10.4.5, 10.4.6, 10.4.7, 10.4.8, 10.4.9, 10.4.10, 10.4.11, 10.5

dragonflybsd dragonflybsd: 1.0, 1.1, 1.2, 1.10.1

freebsd freebsd: 4.4, 4.4release_p42, 4.4releng, 4.4stable, 4.5, 4.5release, 4.5release_p32, 4.5releng, 4.5stable, 4.6, 4.6release, 4.6release_p20, 4.6releng, 4.6stable, 4.6.2, 4.7, 4.7release, 4.7release_p17, 4.7releng, 4.7stable, 4.8, 4.8release_p7, 4.8releng, 4.8_prerelease, 4.9, 4.9releng, 4.9_prerelease, 4.10, 4.10release, 4.10release_p8, 4.10releng, 4.10_prerelease, 4.11release_p3, 4.11releng, 4.11stable, 4.11_p20_release, 4.11_release, 5.0, 5.0alpha, 5.0release_p14, 5.0releng, 5.1, 5.1alpha, 5.1release, 5.1release_p5, 5.1releng, 5.2, 5.2.1release, 5.2.1releng, 5.3, 5.3release, 5.3releng, 5.3stable, 5.4release, 5.4releng, 5.4stable, 5.5_release, 5.5_stable, 6.0, 6.0release, 6.0stable, 6.0_p5_release, 6.1, 6.1release, 6.1release_p10, 6.1stable, 6.2, 6.2stable, 6.2_releng, 6.3, 6.3_releng, 7.0pre-release, 7.0_beta4, 7.0_releng

netbsd netbsd: 1.6.2, 2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1, 2.1.1, 3.0.1, 3.0.2, 3.1, 3.1rc1, 3.1rc3, 4.0, 4.0beta, 4.0beta2

openbsd openbsd: 2.6, 2.7, 2.8, 2.9, 3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 3.6, 3.7, 3.8, 3.9, 4.0, 4.1, 4.2

AND (any of the following, OR):

cosmicperl directory_pro: 10.0.3

darwin darwin: 1.0, 9.1

navision financials_server: 3.0
