CVE-2008-1146 - CVE Reference - Advisories

CVE Reference: CVE-2008-1146

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-1146

Description: A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning against OpenBSD's modification of BIND.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/40329 SAID Secunia Advisory: SA28819 MISC http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf http://www.securiteam.com/securityreviews/5PP0H0UNGW.html BUGTRAQ http://www.securityfocus.com/archive/1/487658 BID 27647

Return to the previous page.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	OpenBSD BIND Query Port DNS Cache Poisoning

2.	Drupal Session Fixation Vulnerability

3.	Red Hat update for kernel

4.	Linux Kernel LDT Buffer Size Handling Vulnerability

5.	IPCop update for perl

6.	Debian update for clamav

7.	Ubuntu update for php

8.	Red Hat update for thunderbird

9.	dnsmasq Denial of Service and DNS Cache Poisoning

10.	Apple Safari Cross-Domain Cookie Injection Vulnerability