National Vulnerability Database (NVD) National Vulnerability Database (CVE-2008-1146)

National Cyber Awareness System

Vulnerability Summary for CVE-2008-1146

Original release date:03/04/2008

Last revised:09/05/2008

Source: US-CERT/NIST

Overview

A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning against OpenBSD's modification of BIND.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:6.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type:Provides unauthorized access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: MISC

Name: http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf

Hyperlink:http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf

External Source: BID

Name: 27647

Hyperlink:http://www.securityfocus.com/bid/27647

External Source: BUGTRAQ

Name: 20080206 A paper by Amit Klein (Trusteer): "OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability"

Hyperlink:http://www.securityfocus.com/archive/1/487658

External Source: MISC

Name: http://www.securiteam.com/securityreviews/5PP0H0UNGW.html

Hyperlink:http://www.securiteam.com/securityreviews/5PP0H0UNGW.html

External Source: SECUNIA

Name: 28819

Hyperlink:http://secunia.com/advisories/28819

External Source: XF

Name: openbsd-prng-dns-spoofing(40329)

Hyperlink:http://xforce.iss.net/xforce/xfdb/40329

Vulnerable software and versions

Configuration 1

AND

cpe:/o:apple:mac_os_x:10.0

cpe:/o:apple:mac_os_x:10.0.1

cpe:/o:apple:mac_os_x:10.0.2

cpe:/o:apple:mac_os_x:10.0.3

cpe:/o:apple:mac_os_x:10.0.4

cpe:/o:apple:mac_os_x:10.1

cpe:/o:apple:mac_os_x:10.1.1

cpe:/o:apple:mac_os_x:10.1.2

cpe:/o:apple:mac_os_x:10.1.3

cpe:/o:apple:mac_os_x:10.1.4

cpe:/o:apple:mac_os_x:10.1.5

cpe:/o:apple:mac_os_x:10.2

cpe:/o:apple:mac_os_x:10.2.1

cpe:/o:apple:mac_os_x:10.2.2

cpe:/o:apple:mac_os_x:10.2.3

cpe:/o:apple:mac_os_x:10.2.4

cpe:/o:apple:mac_os_x:10.2.5

cpe:/o:apple:mac_os_x:10.2.6

cpe:/o:apple:mac_os_x:10.2.7

cpe:/o:apple:mac_os_x:10.2.8

cpe:/o:apple:mac_os_x:10.3

cpe:/o:apple:mac_os_x:10.3.1

cpe:/o:apple:mac_os_x:10.3.2

cpe:/o:apple:mac_os_x:10.3.3

cpe:/o:apple:mac_os_x:10.3.4

cpe:/o:apple:mac_os_x:10.3.5

cpe:/o:apple:mac_os_x:10.3.6

cpe:/o:apple:mac_os_x:10.3.7

cpe:/o:apple:mac_os_x:10.3.8

cpe:/o:apple:mac_os_x:10.3.9

cpe:/o:apple:mac_os_x:10.4

cpe:/o:apple:mac_os_x:10.4.1

cpe:/o:apple:mac_os_x:10.4.10

cpe:/o:apple:mac_os_x:10.4.11

cpe:/o:apple:mac_os_x:10.4.2

cpe:/o:apple:mac_os_x:10.4.3

cpe:/o:apple:mac_os_x:10.4.4

cpe:/o:apple:mac_os_x:10.4.5

cpe:/o:apple:mac_os_x:10.4.6

cpe:/o:apple:mac_os_x:10.4.7

cpe:/o:apple:mac_os_x:10.4.8

cpe:/o:apple:mac_os_x:10.4.9

cpe:/o:apple:mac_os_x:10.5

cpe:/o:apple:mac_os_x:10.5.1

cpe:/o:apple:mac_os_x_server:10.0

cpe:/o:apple:mac_os_x_server:10.1

cpe:/o:apple:mac_os_x_server:10.1.1

cpe:/o:apple:mac_os_x_server:10.1.2

cpe:/o:apple:mac_os_x_server:10.1.3

cpe:/o:apple:mac_os_x_server:10.1.4

cpe:/o:apple:mac_os_x_server:10.1.5

cpe:/o:apple:mac_os_x_server:10.2

cpe:/o:apple:mac_os_x_server:10.2.1

cpe:/o:apple:mac_os_x_server:10.2.2

cpe:/o:apple:mac_os_x_server:10.2.3

cpe:/o:apple:mac_os_x_server:10.2.4

cpe:/o:apple:mac_os_x_server:10.2.5

cpe:/o:apple:mac_os_x_server:10.2.6

cpe:/o:apple:mac_os_x_server:10.2.7

cpe:/o:apple:mac_os_x_server:10.2.8

cpe:/o:apple:mac_os_x_server:10.3

cpe:/o:apple:mac_os_x_server:10.3.1

cpe:/o:apple:mac_os_x_server:10.3.2

cpe:/o:apple:mac_os_x_server:10.3.3

cpe:/o:apple:mac_os_x_server:10.3.4

cpe:/o:apple:mac_os_x_server:10.3.5

cpe:/o:apple:mac_os_x_server:10.3.6

cpe:/o:apple:mac_os_x_server:10.3.7

cpe:/o:apple:mac_os_x_server:10.3.8

cpe:/o:apple:mac_os_x_server:10.3.9

cpe:/o:apple:mac_os_x_server:10.4

cpe:/o:apple:mac_os_x_server:10.4.1

cpe:/o:apple:mac_os_x_server:10.4.10

cpe:/o:apple:mac_os_x_server:10.4.11

cpe:/o:apple:mac_os_x_server:10.4.2

cpe:/o:apple:mac_os_x_server:10.4.3

cpe:/o:apple:mac_os_x_server:10.4.4

cpe:/o:apple:mac_os_x_server:10.4.5

cpe:/o:apple:mac_os_x_server:10.4.6

cpe:/o:apple:mac_os_x_server:10.4.7

cpe:/o:apple:mac_os_x_server:10.4.8

cpe:/o:apple:mac_os_x_server:10.4.9

cpe:/o:apple:mac_os_x_server:10.5

cpe:/o:dragonflybsd:dragonflybsd:1.0

cpe:/o:dragonflybsd:dragonflybsd:1.1

cpe:/o:dragonflybsd:dragonflybsd:1.10.1

cpe:/o:dragonflybsd:dragonflybsd:1.2

cpe:/o:freebsd:freebsd:4.10

cpe:/o:freebsd:freebsd:4.10:release

cpe:/o:freebsd:freebsd:4.10:release_p8

cpe:/o:freebsd:freebsd:4.10:releng

cpe:/o:freebsd:freebsd:4.10_prerelease

cpe:/o:freebsd:freebsd:4.11:release_p3

cpe:/o:freebsd:freebsd:4.11:releng

cpe:/o:freebsd:freebsd:4.11:stable

cpe:/o:freebsd:freebsd:4.11_p20_release

cpe:/o:freebsd:freebsd:4.11_release

cpe:/o:freebsd:freebsd:4.4

cpe:/o:freebsd:freebsd:4.4:release_p42

cpe:/o:freebsd:freebsd:4.4:releng

cpe:/o:freebsd:freebsd:4.4:stable

cpe:/o:freebsd:freebsd:4.5

cpe:/o:freebsd:freebsd:4.5:release

cpe:/o:freebsd:freebsd:4.5:release_p32

cpe:/o:freebsd:freebsd:4.5:releng

cpe:/o:freebsd:freebsd:4.5:stable

cpe:/o:freebsd:freebsd:4.6

cpe:/o:freebsd:freebsd:4.6.2

cpe:/o:freebsd:freebsd:4.6:release

cpe:/o:freebsd:freebsd:4.6:release_p20

cpe:/o:freebsd:freebsd:4.6:releng

cpe:/o:freebsd:freebsd:4.6:stable

cpe:/o:freebsd:freebsd:4.7

cpe:/o:freebsd:freebsd:4.7:release

cpe:/o:freebsd:freebsd:4.7:release_p17

cpe:/o:freebsd:freebsd:4.7:releng

cpe:/o:freebsd:freebsd:4.7:stable

cpe:/o:freebsd:freebsd:4.8

cpe:/o:freebsd:freebsd:4.8:release_p7

cpe:/o:freebsd:freebsd:4.8:releng

cpe:/o:freebsd:freebsd:4.8_prerelease

cpe:/o:freebsd:freebsd:4.9

cpe:/o:freebsd:freebsd:4.9:releng

cpe:/o:freebsd:freebsd:4.9_prerelease

cpe:/o:freebsd:freebsd:5.0

cpe:/o:freebsd:freebsd:5.0:alpha

cpe:/o:freebsd:freebsd:5.0:release_p14

cpe:/o:freebsd:freebsd:5.0:releng

cpe:/o:freebsd:freebsd:5.1

cpe:/o:freebsd:freebsd:5.1:alpha

cpe:/o:freebsd:freebsd:5.1:release

cpe:/o:freebsd:freebsd:5.1:release_p5

cpe:/o:freebsd:freebsd:5.1:releng

cpe:/o:freebsd:freebsd:5.2

cpe:/o:freebsd:freebsd:5.2.1:release

cpe:/o:freebsd:freebsd:5.2.1:releng

cpe:/o:freebsd:freebsd:5.3

cpe:/o:freebsd:freebsd:5.3:release

cpe:/o:freebsd:freebsd:5.3:releng

cpe:/o:freebsd:freebsd:5.3:stable

cpe:/o:freebsd:freebsd:5.4:release

cpe:/o:freebsd:freebsd:5.4:releng

cpe:/o:freebsd:freebsd:5.4:stable

cpe:/o:freebsd:freebsd:5.5_release

cpe:/o:freebsd:freebsd:5.5_stable

cpe:/o:freebsd:freebsd:6.0

cpe:/o:freebsd:freebsd:6.0:release

cpe:/o:freebsd:freebsd:6.0:stable

cpe:/o:freebsd:freebsd:6.0_p5_release

cpe:/o:freebsd:freebsd:6.1

cpe:/o:freebsd:freebsd:6.1:release

cpe:/o:freebsd:freebsd:6.1:release_p10

cpe:/o:freebsd:freebsd:6.1:stable

cpe:/o:freebsd:freebsd:6.2

cpe:/o:freebsd:freebsd:6.2:stable

cpe:/o:freebsd:freebsd:6.2_releng

cpe:/o:freebsd:freebsd:6.3

cpe:/o:freebsd:freebsd:6.3_releng

cpe:/o:freebsd:freebsd:7.0:pre-release

cpe:/o:freebsd:freebsd:7.0_beta4

cpe:/o:freebsd:freebsd:7.0_releng

cpe:/o:netbsd:netbsd:1.6.2

cpe:/o:netbsd:netbsd:2.0

cpe:/o:netbsd:netbsd:2.0.1

cpe:/o:netbsd:netbsd:2.0.2

cpe:/o:netbsd:netbsd:2.0.3

cpe:/o:netbsd:netbsd:2.0.4

cpe:/o:netbsd:netbsd:2.1

cpe:/o:netbsd:netbsd:2.1.1

cpe:/o:netbsd:netbsd:3.0.1

cpe:/o:netbsd:netbsd:3.0.2

cpe:/o:netbsd:netbsd:3.1

cpe:/o:netbsd:netbsd:3.1:rc1

cpe:/o:netbsd:netbsd:3.1:rc3

cpe:/o:netbsd:netbsd:4.0

cpe:/o:netbsd:netbsd:4.0:beta

cpe:/o:netbsd:netbsd:4.0:beta2

cpe:/o:openbsd:openbsd:2.6

cpe:/o:openbsd:openbsd:2.7

cpe:/o:openbsd:openbsd:2.8

cpe:/o:openbsd:openbsd:2.9

cpe:/o:openbsd:openbsd:3.0

cpe:/o:openbsd:openbsd:3.1

cpe:/o:openbsd:openbsd:3.2

cpe:/o:openbsd:openbsd:3.3

cpe:/o:openbsd:openbsd:3.4

cpe:/o:openbsd:openbsd:3.5

cpe:/o:openbsd:openbsd:3.6

cpe:/o:openbsd:openbsd:3.7

cpe:/o:openbsd:openbsd:3.8

cpe:/o:openbsd:openbsd:3.9

cpe:/o:openbsd:openbsd:4.0

cpe:/o:openbsd:openbsd:4.1

cpe:/o:openbsd:openbsd:4.2

* cpe:/a:cosmicperl:directory_pro:10.0.3

* cpe:/a:darwin:darwin:1.0

* cpe:/a:darwin:darwin:9.1

* cpe:/a:navision:financials_server:3.0

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Design Error (NVD-CWE-DesignError)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1146