Vulnerabilities > CVE-2008-1148

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
apple
dragonflybsd
freebsd
netbsd
openbsd
cosmicperl
darwin
navision
NVD
Published: 2008-03-04
Updated: 2017-08-08

Summary

A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting.

Vulnerable Configurations

Part Description Count
OS
Apple
83
OS
Dragonflybsd
4
OS
Freebsd
74
OS
Netbsd
16
OS
Openbsd
17
Application
Cosmicperl
1
Application
Darwin
2
Application
Navision
1

References