CVE-2008-1146

A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning against OpenBSD's modification of BIND.
Configurations

Configuration 1


Information

Published : 2008-03-04 11:44

Updated : 2017-08-08 01:29


NVD link : CVE-2008-1146

Mitre link : CVE-2008-1146

Products Affected
No products.