CVE Vulnerabilities

CVE-2000-0916

Published: Dec 19, 2000 | Modified: Apr 03, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an insufficient random number generator to generate initial TCP sequence numbers (ISN), which allows remote attackers to spoof TCP connections.

Affected Software

Name Vendor Start Version End Version
Freebsd Freebsd 2.0 (including) 2.0 (including)
Freebsd Freebsd 3.0 (including) 3.0 (including)
Freebsd Freebsd 4.0 (including) 4.0 (including)
Freebsd Freebsd 4.1 (including) 4.1 (including)
Freebsd Freebsd 4.1.1 (including) 4.1.1 (including)

References