Vulnerabilities > CVE-2008-1146

A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning against OpenBSD's modification of BIND.

Vulnerable Configurations

Part	Description	Count
OS	Apple Apple MAC OS X 10.0 Apple MAC OS X 10.0.1 Apple MAC OS X 10.0.2 Apple MAC OS X 10.0.3 Apple MAC OS X 10.0.4 Apple MAC OS X 10.1 Apple MAC OS X 10.1.1 Apple MAC OS X 10.1.2 Apple MAC OS X 10.1.3 Apple MAC OS X 10.1.4 Apple MAC OS X 10.1.5 Apple MAC OS X 10.2 Apple MAC OS X 10.2.1 Apple MAC OS X 10.2.2 Apple MAC OS X 10.2.3 Apple MAC OS X 10.2.4 Apple MAC OS X 10.2.5 Apple MAC OS X 10.2.6 Apple MAC OS X 10.2.7 Apple MAC OS X 10.2.8 Apple MAC OS X 10.3 Apple MAC OS X 10.3.1 Apple MAC OS X 10.3.2 Apple MAC OS X 10.3.3 Apple MAC OS X 10.3.4 Apple MAC OS X 10.3.5 Apple MAC OS X 10.3.6 Apple MAC OS X 10.3.7 Apple MAC OS X 10.3.8 Apple MAC OS X 10.3.9 Apple MAC OS X 10.4 Apple MAC OS X 10.4.1 Apple MAC OS X 10.4.2 Apple MAC OS X 10.4.3 Apple MAC OS X 10.4.4 Apple MAC OS X 10.4.5 Apple MAC OS X 10.4.6 Apple MAC OS X 10.4.7 Apple MAC OS X 10.4.8 Apple MAC OS X 10.4.9 Apple MAC OS X 10.4.10 Apple MAC OS X 10.4.11 Apple MAC OS X 10.5 Apple MAC OS X 10.5.1 Apple MAC OS X Server 10.0 Apple MAC OS X Server 10.1 Apple MAC OS X Server 10.1.1 Apple MAC OS X Server 10.1.2 Apple MAC OS X Server 10.1.3 Apple MAC OS X Server 10.1.4 Apple MAC OS X Server 10.1.5 Apple MAC OS X Server 10.2 Apple MAC OS X Server 10.2.1 Apple MAC OS X Server 10.2.2 Apple MAC OS X Server 10.2.3 Apple MAC OS X Server 10.2.4 Apple MAC OS X Server 10.2.5 Apple MAC OS X Server 10.2.6 Apple MAC OS X Server 10.2.7 Apple MAC OS X Server 10.2.8 Apple MAC OS X Server 10.3 Apple MAC OS X Server 10.3.1 Apple MAC OS X Server 10.3.2 Apple MAC OS X Server 10.3.3 Apple MAC OS X Server 10.3.4 Apple MAC OS X Server 10.3.5 Apple MAC OS X Server 10.3.6 Apple MAC OS X Server 10.3.7 Apple MAC OS X Server 10.3.8 Apple MAC OS X Server 10.3.9 Apple MAC OS X Server 10.4 Apple MAC OS X Server 10.4.1 Apple MAC OS X Server 10.4.2 Apple MAC OS X Server 10.4.3 Apple MAC OS X Server 10.4.4 Apple MAC OS X Server 10.4.5 Apple MAC OS X Server 10.4.6 Apple MAC OS X Server 10.4.7 Apple MAC OS X Server 10.4.8 Apple MAC OS X Server 10.4.9 Apple MAC OS X Server 10.4.10 Apple MAC OS X Server 10.4.11 Apple MAC OS X Server 10.5	83
OS	Dragonflybsd Dragonflybsd Dragonflybsd 1.0 Dragonflybsd Dragonflybsd 1.1 Dragonflybsd Dragonflybsd 1.2 Dragonflybsd Dragonflybsd 1.10.1	4
OS	Freebsd Freebsd Freebsd 4.4 Freebsd Freebsd 4.5 Freebsd Freebsd 4.6 Freebsd Freebsd 4.6.2 Freebsd Freebsd 4.7 Freebsd Freebsd 4.8 Freebsd Freebsd 4.8_Prerelease Freebsd Freebsd 4.9 Freebsd Freebsd 4.9_Prerelease Freebsd Freebsd 4.10 Freebsd Freebsd 4.10_Prerelease Freebsd Freebsd 4.11 Freebsd Freebsd 4.11_P20_Release Freebsd Freebsd 4.11_Release Freebsd Freebsd 5.0 Freebsd Freebsd 5.1 Freebsd Freebsd 5.2 Freebsd Freebsd 5.2.1 Freebsd Freebsd 5.3 Freebsd Freebsd 5.4 Freebsd Freebsd 5.5_Release Freebsd Freebsd 5.5_Stable Freebsd Freebsd 6.0 Freebsd Freebsd 6.0_P5_Release Freebsd Freebsd 6.1 Freebsd Freebsd 6.2 Freebsd Freebsd 6.2_Releng Freebsd Freebsd 6.3 Freebsd Freebsd 6.3_Releng Freebsd Freebsd 7.0 Freebsd Freebsd 7.0_Beta4 Freebsd Freebsd 7.0_Releng	74
OS	Netbsd Netbsd Netbsd 1.6.2 Netbsd Netbsd 2.0 Netbsd Netbsd 2.0.1 Netbsd Netbsd 2.0.2 Netbsd Netbsd 2.0.3 Netbsd Netbsd 2.0.4 Netbsd Netbsd 2.1 Netbsd Netbsd 2.1.1 Netbsd Netbsd 3.0.1 Netbsd Netbsd 3.0.2 Netbsd Netbsd 3.1 Netbsd Netbsd 4.0	16
OS	Openbsd Openbsd Openbsd 2.6 Openbsd Openbsd 2.7 Openbsd Openbsd 2.8 Openbsd Openbsd 2.9 Openbsd Openbsd 3.0 Openbsd Openbsd 3.1 Openbsd Openbsd 3.2 Openbsd Openbsd 3.3 Openbsd Openbsd 3.4 Openbsd Openbsd 3.5 Openbsd Openbsd 3.6 Openbsd Openbsd 3.7 Openbsd Openbsd 3.8 Openbsd Openbsd 3.9 Openbsd Openbsd 4.0 Openbsd Openbsd 4.1 Openbsd Openbsd 4.2	17
Application	Cosmicperl Cosmicperl Directory PRO 10.0.3	1
Application	Darwin Darwin Darwin 1.0 Darwin Darwin 9.1	2
Application	Navision Navision Financials Server 3.0	1

Vulnerabilities > CVE-2008-1146 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2008-1146"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2008-1146