CVSS: 6.8EPSS: 1%CPEs: 198EXPL: 0CVE-2008-1147
https://notcve.org/view.php?id=CVE-2008-1147
A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting. Cierto algoritmo generador de números pseudo-aleatorios(PRNG) que usa XOR y alterna en saltos de 2-bit (también conocido com o"algoritmo X2"), usado en OpenBSD de la v2.6 a la 3.4, Mac OS X de la v10 a a 10.5.1, FreeBSD 4.4 a la 7.0 y DragonFlyBSD 1.0 a la 1.10.1, permite a atacantes remotos adivinar datos sensibles como los IDs de una fragmentación IP observando una secuencia generada previamente. NOTA: este fallo puede ser aprovechado por ataques como la inyección de paquetes TCP y OS fingerprinting. • http://seclists.org/bugtraq/2008/Feb/0052.html http://seclists.org/bugtraq/2008/Feb/0063.html http://secunia.com/advisories/28819 http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_id.c?rev=1.10%3Bcontenttype= http://www.securiteam.com/securityreviews/5PP0H0UNGW.html http://www.securityfocus.com/archive/1/487658 http://www.securityfocus.com/bid/27647 http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf https://e •
CVSS: 6.8EPSS: 1%CPEs: 198EXPL: 0CVE-2008-1146
https://notcve.org/view.php?id=CVE-2008-1146
A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning against OpenBSD's modification of BIND. Cierto algoritmo generador de números pseudo-aleatorios(PRNG) que usa XOR y alterna en saltos de 3-bit (también conocido com o"algoritmo X3"), usado en OpenBSD de la v2.8 a la 4.2, permite a atacantes remotos adivinar datos sensibles como los IDs de una transacción DNS, observando una secuencia de datos generada previamente. NOTA: esta cuestión puede ser aprovechado por ataques como el envenenamiento de la caché DNS contra la modificación BIND en OpenBDS. • http://secunia.com/advisories/28819 http://www.securiteam.com/securityreviews/5PP0H0UNGW.html http://www.securityfocus.com/archive/1/487658 http://www.securityfocus.com/bid/27647 http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/40329 •
CVSS: 9.3EPSS: 0%CPEs: 22EXPL: 0CVE-2007-6427 – xfree86: memory corruption via XInput extension
https://notcve.org/view.php?id=CVE-2007-6427
The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990. La extensión XInput de X.Org Xserver versiones anteriores a 1.4.1 permite a atacantes locales o remotos dependientes del contexto ejecutar código de su elección mediante peticiones relativas al intercambio de bytes y corrupción de cabecera dentro d múltiples funciones, vulnerabilidad distinta de CVE-2007-4990. • http://bugs.gentoo.org/show_bug.cgi?id=204362 http://docs.info.apple.com/article.html?artnum=307562 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=643 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.freedesktop.org/archives/xorg/2008-January/031918.html http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html http://lists.opensuse.org/ope • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 68%CPEs: 49EXPL: 2CVE-2007-3798 – tcpdump - Print-bgp.C Remote Integer Underflow
https://notcve.org/view.php?id=CVE-2007-3798
Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value. Un desbordamiento de enteros en el archivo print-bgp.c en el disector BGP en tcpdump versión 3.9.6 y anteriores, permite a atacantes remotos ejecutar código arbitrario por medio de TLVs especialmente diseñados en un paquete BGP, relacionado a un valor de retorno no comprobado. • https://www.exploit-db.com/exploits/30319 http://bugs.gentoo.org/show_bug.cgi?id=184815 http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c?r1=1.91.2.11&r2=1.91.2.12 http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://secunia.com/advisories/26135 http://secunia.com/advisories/26168 http://secunia.com/advisories/26223 http://secunia.com/advisories/26231 http://secunia.com&# • CWE-190: Integer Overflow or Wraparound CWE-252: Unchecked Return Value •
CVSS: 5.0EPSS: 85%CPEs: 38EXPL: 0CVE-2007-1863 – httpd mod_cache segfault
https://notcve.org/view.php?id=CVE-2007-1863
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value. cache_util.c en el módulo mod_cache module en Apache HTTP Server (httpd), cuando caching está habilitado y el módulo de hilos Multi-Processing Module (MPM) está siendo utilizado, permite a atacantes remotos provocar denegación de servicio (caida del manejador de procesos hijos) a través de una respuesta con las cabeceras de control de caché (1) s-maxage, (2) max-age, (3) min-fresh, o (4) max-stale sin valor. • http://bugs.gentoo.org/show_bug.cgi?id=186219 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244658 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_22.html http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://lists.vmware.com/pipermail/security-announce/2009/000062.html http://osvdb.org/37079 http://rhn.redhat.com&# •