CVE-2008-1148 Information
Description
A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka \Algorithm A0) as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0 allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning injection into TCP packets and OS fingerprinting.
Reference
http://secunia.com/advisories/28819 http://www.securiteam.com/securityreviews/5PP0H0UNGW.html http://www.securityfocus.com/archive/1/487658 http://www.securityfocus.com/bid/27647 http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/40329 https://exchange.xforce.ibmcloud.com/vulnerabilities/41157
Share on: