N/A

A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting.

N/A

N/A

OpenBSD PRNG DNS Cache中毒和可预测IP ID缺陷

当在OpenBSD 2.6到3.4、Mac OS X 10 到10.5.1、FreeBSD 4.4到7.0以及DragonFlyBSD 1.0到1.10.1中使用时，一个特定的采用XOR和2-bit随机跳跃(又称运算法则X2)的伪随机数字生成器(PRNG)算法，远程攻击者通过观察一系列之前生成的值推测出一些敏感值，比如IP分段IDs。注意：一些攻击，如注入TCP信息包和OS指纹识别，可以触发该漏洞。

N/A

N/A