A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning against OpenBSD's modification of BIND.
References
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2008-03-04 15:44
Updated : 2017-08-07 18:29
NVD link : CVE-2008-1146
Mitre link : CVE-2008-1146
JSON object : View
CWE
Products Affected
apple
- mac_os_x_server
- mac_os_x
navision
- financials_server
netbsd
- netbsd
darwin
- darwin
dragonflybsd
- dragonflybsd
freebsd
- freebsd
openbsd
- openbsd
cosmicperl
- directory_pro