Vulnerability CVE-2008-1148


Published: 2008-03-04   Modified: 2012-02-12

Description:
A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting.

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Navision -> Financials server 
Darwin -> Darwin 
Cosmicperl -> Directory pro 

References:
http://www.securiteam.com/securityreviews/5PP0H0UNGW.html
http://www.securityfocus.com/archive/1/487658
http://www.securityfocus.com/bid/27647
http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/40329
https://exchange.xforce.ibmcloud.com/vulnerabilities/41157

Copyright 2024, cxsecurity.com

 
