CVE-2008-1146
Published: Mar 4, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning against OpenBSD's modification of BIND.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
20080206 A paper by Amit Klein (Trusteer): "OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability" [mailing-list, x_refsource_BUGTRAQ]
28819 [third-party-advisory, x_refsource_SECUNIA]
http://www.securiteam.com/securityreviews/5PP0H0UNGW.html [x_refsource_MISC]
openbsd-prng-dns-spoofing(40329) [vdb-entry, x_refsource_XF]
27647 [vdb-entry, x_refsource_BID]