CVE-2008-1146
First published: Tue Mar 04 2008(Updated: )
A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning against OpenBSD's modification of BIND.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS and macOS | =10.0 | |
| Apple iOS and macOS | =10.0.1 | |
| Apple iOS and macOS | =10.0.2 | |
| Apple iOS and macOS | =10.0.3 | |
| Apple iOS and macOS | =10.0.4 | |
| Apple iOS and macOS | =10.1 | |
| Apple iOS and macOS | =10.1.1 | |
| Apple iOS and macOS | =10.1.2 | |
| Apple iOS and macOS | =10.1.3 | |
| Apple iOS and macOS | =10.1.4 | |
| Apple iOS and macOS | =10.1.5 | |
| Apple iOS and macOS | =10.2 | |
| Apple iOS and macOS | =10.2.1 | |
| Apple iOS and macOS | =10.2.2 | |
| Apple iOS and macOS | =10.2.3 | |
| Apple iOS and macOS | =10.2.4 | |
| Apple iOS and macOS | =10.2.5 | |
| Apple iOS and macOS | =10.2.6 | |
| Apple iOS and macOS | =10.2.7 | |
| Apple iOS and macOS | =10.2.8 | |
| Apple iOS and macOS | =10.3 | |
| Apple iOS and macOS | =10.3.1 | |
| Apple iOS and macOS | =10.3.2 | |
| Apple iOS and macOS | =10.3.3 | |
| Apple iOS and macOS | =10.3.4 | |
| Apple iOS and macOS | =10.3.5 | |
| Apple iOS and macOS | =10.3.6 | |
| Apple iOS and macOS | =10.3.7 | |
| Apple iOS and macOS | =10.3.8 | |
| Apple iOS and macOS | =10.3.9 | |
| Apple iOS and macOS | =10.4 | |
| Apple iOS and macOS | =10.4.1 | |
| Apple iOS and macOS | =10.4.2 | |
| Apple iOS and macOS | =10.4.3 | |
| Apple iOS and macOS | =10.4.4 | |
| Apple iOS and macOS | =10.4.5 | |
| Apple iOS and macOS | =10.4.6 | |
| Apple iOS and macOS | =10.4.7 | |
| Apple iOS and macOS | =10.4.8 | |
| Apple iOS and macOS | =10.4.9 | |
| Apple iOS and macOS | =10.4.10 | |
| Apple iOS and macOS | =10.4.11 | |
| Apple iOS and macOS | =10.5 | |
| Apple iOS and macOS | =10.5.1 | |
| Apple iOS and macOS | =10.0 | |
| Apple iOS and macOS | =10.1 | |
| Apple iOS and macOS | =10.1.1 | |
| Apple iOS and macOS | =10.1.2 | |
| Apple iOS and macOS | =10.1.3 | |
| Apple iOS and macOS | =10.1.4 | |
| Apple iOS and macOS | =10.1.5 | |
| Apple iOS and macOS | =10.2 | |
| Apple iOS and macOS | =10.2.1 | |
| Apple iOS and macOS | =10.2.2 | |
| Apple iOS and macOS | =10.2.3 | |
| Apple iOS and macOS | =10.2.4 | |
| Apple iOS and macOS | =10.2.5 | |
| Apple iOS and macOS | =10.2.6 | |
| Apple iOS and macOS | =10.2.7 | |
| Apple iOS and macOS | =10.2.8 | |
| Apple iOS and macOS | =10.3 | |
| Apple iOS and macOS | =10.3.1 | |
| Apple iOS and macOS | =10.3.2 | |
| Apple iOS and macOS | =10.3.3 | |
| Apple iOS and macOS | =10.3.4 | |
| Apple iOS and macOS | =10.3.5 | |
| Apple iOS and macOS | =10.3.6 | |
| Apple iOS and macOS | =10.3.7 | |
| Apple iOS and macOS | =10.3.8 | |
| Apple iOS and macOS | =10.3.9 | |
| Apple iOS and macOS | =10.4 | |
| Apple iOS and macOS | =10.4.1 | |
| Apple iOS and macOS | =10.4.2 | |
| Apple iOS and macOS | =10.4.3 | |
| Apple iOS and macOS | =10.4.4 | |
| Apple iOS and macOS | =10.4.5 | |
| Apple iOS and macOS | =10.4.6 | |
| Apple iOS and macOS | =10.4.7 | |
| Apple iOS and macOS | =10.4.8 | |
| Apple iOS and macOS | =10.4.9 | |
| Apple iOS and macOS | =10.4.10 | |
| Apple iOS and macOS | =10.4.11 | |
| Apple iOS and macOS | =10.5 | |
| DragonFlyBSD | =1.0 | |
| DragonFlyBSD | =1.1 | |
| DragonFlyBSD | =1.2 | |
| DragonFlyBSD | =1.10.1 | |
| FreeBSD Kernel | =4.4 | |
| FreeBSD Kernel | =4.4-release_p42 | |
| FreeBSD Kernel | =4.4-releng | |
| FreeBSD Kernel | =4.4-stable | |
| FreeBSD Kernel | =4.5 | |
| FreeBSD Kernel | =4.5-release | |
| FreeBSD Kernel | =4.5-release_p32 | |
| FreeBSD Kernel | =4.5-releng | |
| FreeBSD Kernel | =4.5-stable | |
| FreeBSD Kernel | =4.6 | |
| FreeBSD Kernel | =4.6-release | |
| FreeBSD Kernel | =4.6-release_p20 | |
| FreeBSD Kernel | =4.6-releng | |
| FreeBSD Kernel | =4.6-stable | |
| FreeBSD Kernel | =4.6.2 | |
| FreeBSD Kernel | =4.7 | |
| FreeBSD Kernel | =4.7-release | |
| FreeBSD Kernel | =4.7-release_p17 | |
| FreeBSD Kernel | =4.7-releng | |
| FreeBSD Kernel | =4.7-stable | |
| FreeBSD Kernel | =4.8 | |
| FreeBSD Kernel | =4.8-release_p7 | |
| FreeBSD Kernel | =4.8-releng | |
| FreeBSD Kernel | =4.8_prerelease | |
| FreeBSD Kernel | =4.9 | |
| FreeBSD Kernel | =4.9-releng | |
| FreeBSD Kernel | =4.9_prerelease | |
| FreeBSD Kernel | =4.10 | |
| FreeBSD Kernel | =4.10-release | |
| FreeBSD Kernel | =4.10-release_p8 | |
| FreeBSD Kernel | =4.10-releng | |
| FreeBSD Kernel | =4.10_prerelease | |
| FreeBSD Kernel | =4.11-release_p3 | |
| FreeBSD Kernel | =4.11-releng | |
| FreeBSD Kernel | =4.11-stable | |
| FreeBSD Kernel | =4.11_p20_release | |
| FreeBSD Kernel | =4.11_release | |
| FreeBSD Kernel | =5.0 | |
| FreeBSD Kernel | =5.0-alpha | |
| FreeBSD Kernel | =5.0-release_p14 | |
| FreeBSD Kernel | =5.0-releng | |
| FreeBSD Kernel | =5.1 | |
| FreeBSD Kernel | =5.1-alpha | |
| FreeBSD Kernel | =5.1-release | |
| FreeBSD Kernel | =5.1-release_p5 | |
| FreeBSD Kernel | =5.1-releng | |
| FreeBSD Kernel | =5.2 | |
| FreeBSD Kernel | =5.2.1-release | |
| FreeBSD Kernel | =5.2.1-releng | |
| FreeBSD Kernel | =5.3 | |
| FreeBSD Kernel | =5.3-release | |
| FreeBSD Kernel | =5.3-releng | |
| FreeBSD Kernel | =5.3-stable | |
| FreeBSD Kernel | =5.4-release | |
| FreeBSD Kernel | =5.4-releng | |
| FreeBSD Kernel | =5.4-stable | |
| FreeBSD Kernel | =5.5_release | |
| FreeBSD Kernel | =5.5_stable | |
| FreeBSD Kernel | =6.0 | |
| FreeBSD Kernel | =6.0-release | |
| FreeBSD Kernel | =6.0-stable | |
| FreeBSD Kernel | =6.0_p5_release | |
| FreeBSD Kernel | =6.1 | |
| FreeBSD Kernel | =6.1-release | |
| FreeBSD Kernel | =6.1-release_p10 | |
| FreeBSD Kernel | =6.1-stable | |
| FreeBSD Kernel | =6.2 | |
| FreeBSD Kernel | =6.2-stable | |
| FreeBSD Kernel | =6.2_releng | |
| FreeBSD Kernel | =6.3 | |
| FreeBSD Kernel | =6.3_releng | |
| FreeBSD Kernel | =7.0-pre-release | |
| FreeBSD Kernel | =7.0_beta4 | |
| FreeBSD Kernel | =7.0_releng | |
| NetBSD current | =1.6.2 | |
| NetBSD current | =2.0 | |
| NetBSD current | =2.0.1 | |
| NetBSD current | =2.0.2 | |
| NetBSD current | =2.0.3 | |
| NetBSD current | =2.0.4 | |
| NetBSD current | =2.1 | |
| NetBSD current | =2.1.1 | |
| NetBSD current | =3.0.1 | |
| NetBSD current | =3.0.2 | |
| NetBSD current | =3.1 | |
| NetBSD current | =3.1-rc1 | |
| NetBSD current | =3.1-rc3 | |
| NetBSD current | =4.0 | |
| NetBSD current | =4.0-beta | |
| NetBSD current | =4.0-beta2 | |
| OpenBSD | =2.6 | |
| OpenBSD | =2.7 | |
| OpenBSD | =2.8 | |
| OpenBSD | =2.9 | |
| OpenBSD | =3.0 | |
| OpenBSD | =3.1 | |
| OpenBSD | =3.2 | |
| OpenBSD | =3.3 | |
| OpenBSD | =3.4 | |
| OpenBSD | =3.5 | |
| OpenBSD | =3.6 | |
| OpenBSD | =3.7 | |
| OpenBSD | =3.8 | |
| OpenBSD | =3.9 | |
| OpenBSD | =4.0 | |
| OpenBSD | =4.1 | |
| OpenBSD | =4.2 | |
| Cosmicperl Directory Pro | =10.0.3 | |
| Darwin | =1.0 | |
| Darwin | =9.1 | |
| Microsoft Dynamics NAV | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf
- http://www.securiteam.com/securityreviews/5PP0H0UNGW.html
- http://www.securityfocus.com/archive/1/487658
- http://www.securityfocus.com/bid/27647
- http://secunia.com/advisories/28819
- https://exchange.xforce.ibmcloud.com/vulnerabilities/40329
Frequently Asked Questions
What is the severity of CVE-2008-1146?
CVE-2008-1146 is classified as a high-severity vulnerability due to its potential for remote exploitation.
How do I fix CVE-2008-1146?
To fix CVE-2008-1146, upgrade to an updated version of OpenBSD or apply patches that mitigate the predictable random number generation.
What systems are affected by CVE-2008-1146?
CVE-2008-1146 affects OpenBSD versions from 2.8 through 4.2, as well as systems using the same pseudo-random number generator algorithm.
Can CVE-2008-1146 lead to data breaches?
Yes, CVE-2008-1146 can allow attackers to predict sensitive values such as DNS transaction IDs, potentially leading to data breaches.
Is CVE-2008-1146 being actively exploited?
While CVE-2008-1146 has been identified as a serious vulnerability, active exploitation may vary and should be monitored according to threat intelligence.
- collector/nvd-historical
- agent/references
- agent/type
- agent/author
- agent/weakness
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apple
- canonical/apple ios and macos
- version/apple ios and macos/10.0
- version/apple ios and macos/10.0.1
- version/apple ios and macos/10.0.2
- version/apple ios and macos/10.0.3
- version/apple ios and macos/10.0.4
- version/apple ios and macos/10.1
- version/apple ios and macos/10.1.1
- version/apple ios and macos/10.1.2
- version/apple ios and macos/10.1.3
- version/apple ios and macos/10.1.4
- version/apple ios and macos/10.1.5
- version/apple ios and macos/10.2
- version/apple ios and macos/10.2.1
- version/apple ios and macos/10.2.2
- version/apple ios and macos/10.2.3
- version/apple ios and macos/10.2.4
- version/apple ios and macos/10.2.5
- version/apple ios and macos/10.2.6
- version/apple ios and macos/10.2.7
- version/apple ios and macos/10.2.8
- version/apple ios and macos/10.3
- version/apple ios and macos/10.3.1
- version/apple ios and macos/10.3.2
- version/apple ios and macos/10.3.3
- version/apple ios and macos/10.3.4
- version/apple ios and macos/10.3.5
- version/apple ios and macos/10.3.6
- version/apple ios and macos/10.3.7
- version/apple ios and macos/10.3.8
- version/apple ios and macos/10.3.9
- version/apple ios and macos/10.4
- version/apple ios and macos/10.4.1
- version/apple ios and macos/10.4.2
- version/apple ios and macos/10.4.3
- version/apple ios and macos/10.4.4
- version/apple ios and macos/10.4.5
- version/apple ios and macos/10.4.6
- version/apple ios and macos/10.4.7
- version/apple ios and macos/10.4.8
- version/apple ios and macos/10.4.9
- version/apple ios and macos/10.4.10
- version/apple ios and macos/10.4.11
- version/apple ios and macos/10.5
- version/apple ios and macos/10.5.1
- vendor/dragonflybsd
- canonical/dragonflybsd
- version/dragonflybsd/1.0
- version/dragonflybsd/1.1
- version/dragonflybsd/1.2
- version/dragonflybsd/1.10.1
- vendor/freebsd
- canonical/freebsd kernel
- version/freebsd kernel/4.4
- version/freebsd kernel/4.4-release_p42
- version/freebsd kernel/4.4-releng
- version/freebsd kernel/4.4-stable
- version/freebsd kernel/4.5
- version/freebsd kernel/4.5-release
- version/freebsd kernel/4.5-release_p32
- version/freebsd kernel/4.5-releng
- version/freebsd kernel/4.5-stable
- version/freebsd kernel/4.6
- version/freebsd kernel/4.6-release
- version/freebsd kernel/4.6-release_p20
- version/freebsd kernel/4.6-releng
- version/freebsd kernel/4.6-stable
- version/freebsd kernel/4.6.2
- version/freebsd kernel/4.7
- version/freebsd kernel/4.7-release
- version/freebsd kernel/4.7-release_p17
- version/freebsd kernel/4.7-releng
- version/freebsd kernel/4.7-stable
- version/freebsd kernel/4.8
- version/freebsd kernel/4.8-release_p7
- version/freebsd kernel/4.8-releng
- version/freebsd kernel/4.8_prerelease
- version/freebsd kernel/4.9
- version/freebsd kernel/4.9-releng
- version/freebsd kernel/4.9_prerelease
- version/freebsd kernel/4.10
- version/freebsd kernel/4.10-release
- version/freebsd kernel/4.10-release_p8
- version/freebsd kernel/4.10-releng
- version/freebsd kernel/4.10_prerelease
- version/freebsd kernel/4.11-release_p3
- version/freebsd kernel/4.11-releng
- version/freebsd kernel/4.11-stable
- version/freebsd kernel/4.11_p20_release
- version/freebsd kernel/4.11_release
- version/freebsd kernel/5.0
- version/freebsd kernel/5.0-alpha
- version/freebsd kernel/5.0-release_p14
- version/freebsd kernel/5.0-releng
- version/freebsd kernel/5.1
- version/freebsd kernel/5.1-alpha
- version/freebsd kernel/5.1-release
- version/freebsd kernel/5.1-release_p5
- version/freebsd kernel/5.1-releng
- version/freebsd kernel/5.2
- version/freebsd kernel/5.2.1-release
- version/freebsd kernel/5.2.1-releng
- version/freebsd kernel/5.3
- version/freebsd kernel/5.3-release
- version/freebsd kernel/5.3-releng
- version/freebsd kernel/5.3-stable
- version/freebsd kernel/5.4-release
- version/freebsd kernel/5.4-releng
- version/freebsd kernel/5.4-stable
- version/freebsd kernel/5.5_release
- version/freebsd kernel/5.5_stable
- version/freebsd kernel/6.0
- version/freebsd kernel/6.0-release
- version/freebsd kernel/6.0-stable
- version/freebsd kernel/6.0_p5_release
- version/freebsd kernel/6.1
- version/freebsd kernel/6.1-release
- version/freebsd kernel/6.1-release_p10
- version/freebsd kernel/6.1-stable
- version/freebsd kernel/6.2
- version/freebsd kernel/6.2-stable
- version/freebsd kernel/6.2_releng
- version/freebsd kernel/6.3
- version/freebsd kernel/6.3_releng
- version/freebsd kernel/7.0-pre-release
- version/freebsd kernel/7.0_beta4
- version/freebsd kernel/7.0_releng
- vendor/netbsd
- canonical/netbsd current
- version/netbsd current/1.6.2
- version/netbsd current/2.0
- version/netbsd current/2.0.1
- version/netbsd current/2.0.2
- version/netbsd current/2.0.3
- version/netbsd current/2.0.4
- version/netbsd current/2.1
- version/netbsd current/2.1.1
- version/netbsd current/3.0.1
- version/netbsd current/3.0.2
- version/netbsd current/3.1
- version/netbsd current/3.1-rc1
- version/netbsd current/3.1-rc3
- version/netbsd current/4.0
- version/netbsd current/4.0-beta
- version/netbsd current/4.0-beta2
- vendor/openbsd
- canonical/openbsd
- version/openbsd/2.6
- version/openbsd/2.7
- version/openbsd/2.8
- version/openbsd/2.9
- version/openbsd/3.0
- version/openbsd/3.1
- version/openbsd/3.2
- version/openbsd/3.3
- version/openbsd/3.4
- version/openbsd/3.5
- version/openbsd/3.6
- version/openbsd/3.7
- version/openbsd/3.8
- version/openbsd/3.9
- version/openbsd/4.0
- version/openbsd/4.1
- version/openbsd/4.2
- vendor/cosmicperl
- canonical/cosmicperl directory pro
- version/cosmicperl directory pro/10.0.3
- vendor/darwin
- canonical/darwin
- version/darwin/1.0
- version/darwin/9.1
- vendor/navision
- canonical/microsoft dynamics nav
- version/microsoft dynamics nav/3.0