CVE-2008-1148
First published: Tue Mar 04 2008(Updated: )
A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS and macOS | =10.0 | |
| Apple iOS and macOS | =10.0.1 | |
| Apple iOS and macOS | =10.0.2 | |
| Apple iOS and macOS | =10.0.3 | |
| Apple iOS and macOS | =10.0.4 | |
| Apple iOS and macOS | =10.1 | |
| Apple iOS and macOS | =10.1.1 | |
| Apple iOS and macOS | =10.1.2 | |
| Apple iOS and macOS | =10.1.3 | |
| Apple iOS and macOS | =10.1.4 | |
| Apple iOS and macOS | =10.1.5 | |
| Apple iOS and macOS | =10.2 | |
| Apple iOS and macOS | =10.2.1 | |
| Apple iOS and macOS | =10.2.2 | |
| Apple iOS and macOS | =10.2.3 | |
| Apple iOS and macOS | =10.2.4 | |
| Apple iOS and macOS | =10.2.5 | |
| Apple iOS and macOS | =10.2.6 | |
| Apple iOS and macOS | =10.2.7 | |
| Apple iOS and macOS | =10.2.8 | |
| Apple iOS and macOS | =10.3 | |
| Apple iOS and macOS | =10.3.1 | |
| Apple iOS and macOS | =10.3.2 | |
| Apple iOS and macOS | =10.3.3 | |
| Apple iOS and macOS | =10.3.4 | |
| Apple iOS and macOS | =10.3.5 | |
| Apple iOS and macOS | =10.3.6 | |
| Apple iOS and macOS | =10.3.7 | |
| Apple iOS and macOS | =10.3.8 | |
| Apple iOS and macOS | =10.3.9 | |
| Apple iOS and macOS | =10.4 | |
| Apple iOS and macOS | =10.4.1 | |
| Apple iOS and macOS | =10.4.2 | |
| Apple iOS and macOS | =10.4.3 | |
| Apple iOS and macOS | =10.4.4 | |
| Apple iOS and macOS | =10.4.5 | |
| Apple iOS and macOS | =10.4.6 | |
| Apple iOS and macOS | =10.4.7 | |
| Apple iOS and macOS | =10.4.8 | |
| Apple iOS and macOS | =10.4.9 | |
| Apple iOS and macOS | =10.4.10 | |
| Apple iOS and macOS | =10.4.11 | |
| Apple iOS and macOS | =10.5 | |
| Apple iOS and macOS | =10.5.1 | |
| Apple iOS and macOS | =10.0 | |
| Apple iOS and macOS | =10.1 | |
| Apple iOS and macOS | =10.1.1 | |
| Apple iOS and macOS | =10.1.2 | |
| Apple iOS and macOS | =10.1.3 | |
| Apple iOS and macOS | =10.1.4 | |
| Apple iOS and macOS | =10.1.5 | |
| Apple iOS and macOS | =10.2 | |
| Apple iOS and macOS | =10.2.1 | |
| Apple iOS and macOS | =10.2.2 | |
| Apple iOS and macOS | =10.2.3 | |
| Apple iOS and macOS | =10.2.4 | |
| Apple iOS and macOS | =10.2.5 | |
| Apple iOS and macOS | =10.2.6 | |
| Apple iOS and macOS | =10.2.7 | |
| Apple iOS and macOS | =10.2.8 | |
| Apple iOS and macOS | =10.3 | |
| Apple iOS and macOS | =10.3.1 | |
| Apple iOS and macOS | =10.3.2 | |
| Apple iOS and macOS | =10.3.3 | |
| Apple iOS and macOS | =10.3.4 | |
| Apple iOS and macOS | =10.3.5 | |
| Apple iOS and macOS | =10.3.6 | |
| Apple iOS and macOS | =10.3.7 | |
| Apple iOS and macOS | =10.3.8 | |
| Apple iOS and macOS | =10.3.9 | |
| Apple iOS and macOS | =10.4 | |
| Apple iOS and macOS | =10.4.1 | |
| Apple iOS and macOS | =10.4.2 | |
| Apple iOS and macOS | =10.4.3 | |
| Apple iOS and macOS | =10.4.4 | |
| Apple iOS and macOS | =10.4.5 | |
| Apple iOS and macOS | =10.4.6 | |
| Apple iOS and macOS | =10.4.7 | |
| Apple iOS and macOS | =10.4.8 | |
| Apple iOS and macOS | =10.4.9 | |
| Apple iOS and macOS | =10.4.10 | |
| Apple iOS and macOS | =10.4.11 | |
| Apple iOS and macOS | =10.5 | |
| DragonFlyBSD | =1.0 | |
| DragonFlyBSD | =1.1 | |
| DragonFlyBSD | =1.2 | |
| DragonFlyBSD | =1.10.1 | |
| FreeBSD Kernel | =4.4 | |
| FreeBSD Kernel | =4.4-release_p42 | |
| FreeBSD Kernel | =4.4-releng | |
| FreeBSD Kernel | =4.4-stable | |
| FreeBSD Kernel | =4.5 | |
| FreeBSD Kernel | =4.5-release | |
| FreeBSD Kernel | =4.5-release_p32 | |
| FreeBSD Kernel | =4.5-releng | |
| FreeBSD Kernel | =4.5-stable | |
| FreeBSD Kernel | =4.6 | |
| FreeBSD Kernel | =4.6-release | |
| FreeBSD Kernel | =4.6-release_p20 | |
| FreeBSD Kernel | =4.6-releng | |
| FreeBSD Kernel | =4.6-stable | |
| FreeBSD Kernel | =4.6.2 | |
| FreeBSD Kernel | =4.7 | |
| FreeBSD Kernel | =4.7-release | |
| FreeBSD Kernel | =4.7-release_p17 | |
| FreeBSD Kernel | =4.7-releng | |
| FreeBSD Kernel | =4.7-stable | |
| FreeBSD Kernel | =4.8 | |
| FreeBSD Kernel | =4.8-release_p7 | |
| FreeBSD Kernel | =4.8-releng | |
| FreeBSD Kernel | =4.8_prerelease | |
| FreeBSD Kernel | =4.9 | |
| FreeBSD Kernel | =4.9-releng | |
| FreeBSD Kernel | =4.9_prerelease | |
| FreeBSD Kernel | =4.10 | |
| FreeBSD Kernel | =4.10-release | |
| FreeBSD Kernel | =4.10-release_p8 | |
| FreeBSD Kernel | =4.10-releng | |
| FreeBSD Kernel | =4.10_prerelease | |
| FreeBSD Kernel | =4.11-release_p3 | |
| FreeBSD Kernel | =4.11-releng | |
| FreeBSD Kernel | =4.11-stable | |
| FreeBSD Kernel | =4.11_p20_release | |
| FreeBSD Kernel | =4.11_release | |
| FreeBSD Kernel | =5.0 | |
| FreeBSD Kernel | =5.0-alpha | |
| FreeBSD Kernel | =5.0-release_p14 | |
| FreeBSD Kernel | =5.0-releng | |
| FreeBSD Kernel | =5.1 | |
| FreeBSD Kernel | =5.1-alpha | |
| FreeBSD Kernel | =5.1-release | |
| FreeBSD Kernel | =5.1-release_p5 | |
| FreeBSD Kernel | =5.1-releng | |
| FreeBSD Kernel | =5.2 | |
| FreeBSD Kernel | =5.2.1-release | |
| FreeBSD Kernel | =5.2.1-releng | |
| FreeBSD Kernel | =5.3 | |
| FreeBSD Kernel | =5.3-release | |
| FreeBSD Kernel | =5.3-releng | |
| FreeBSD Kernel | =5.3-stable | |
| FreeBSD Kernel | =5.4-release | |
| FreeBSD Kernel | =5.4-releng | |
| FreeBSD Kernel | =5.4-stable | |
| FreeBSD Kernel | =5.5_release | |
| FreeBSD Kernel | =5.5_stable | |
| FreeBSD Kernel | =6.0 | |
| FreeBSD Kernel | =6.0-release | |
| FreeBSD Kernel | =6.0-stable | |
| FreeBSD Kernel | =6.0_p5_release | |
| FreeBSD Kernel | =6.1 | |
| FreeBSD Kernel | =6.1-release | |
| FreeBSD Kernel | =6.1-release_p10 | |
| FreeBSD Kernel | =6.1-stable | |
| FreeBSD Kernel | =6.2 | |
| FreeBSD Kernel | =6.2-stable | |
| FreeBSD Kernel | =6.2_releng | |
| FreeBSD Kernel | =6.3 | |
| FreeBSD Kernel | =6.3_releng | |
| FreeBSD Kernel | =7.0-pre-release | |
| FreeBSD Kernel | =7.0_beta4 | |
| FreeBSD Kernel | =7.0_releng | |
| NetBSD current | =1.6.2 | |
| NetBSD current | =2.0 | |
| NetBSD current | =2.0.1 | |
| NetBSD current | =2.0.2 | |
| NetBSD current | =2.0.3 | |
| NetBSD current | =2.0.4 | |
| NetBSD current | =2.1 | |
| NetBSD current | =2.1.1 | |
| NetBSD current | =3.0.1 | |
| NetBSD current | =3.0.2 | |
| NetBSD current | =3.1 | |
| NetBSD current | =3.1-rc1 | |
| NetBSD current | =3.1-rc3 | |
| NetBSD current | =4.0 | |
| NetBSD current | =4.0-beta | |
| NetBSD current | =4.0-beta2 | |
| OpenBSD | =2.6 | |
| OpenBSD | =2.7 | |
| OpenBSD | =2.8 | |
| OpenBSD | =2.9 | |
| OpenBSD | =3.0 | |
| OpenBSD | =3.1 | |
| OpenBSD | =3.2 | |
| OpenBSD | =3.3 | |
| OpenBSD | =3.4 | |
| OpenBSD | =3.5 | |
| OpenBSD | =3.6 | |
| OpenBSD | =3.7 | |
| OpenBSD | =3.8 | |
| OpenBSD | =3.9 | |
| OpenBSD | =4.0 | |
| OpenBSD | =4.1 | |
| OpenBSD | =4.2 | |
| Cosmicperl Directory Pro | =10.0.3 | |
| Darwin | =1.0 | |
| Darwin | =9.1 | |
| Microsoft Dynamics NAV | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf
- http://www.securiteam.com/securityreviews/5PP0H0UNGW.html
- http://www.securityfocus.com/archive/1/487658
- http://www.securityfocus.com/bid/27647
- http://secunia.com/advisories/28819
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41157
- https://exchange.xforce.ibmcloud.com/vulnerabilities/40329
Frequently Asked Questions
What is the severity of CVE-2008-1148?
CVE-2008-1148 is considered a high severity vulnerability that can potentially allow remote attackers to predict values used in network protocols.
How does CVE-2008-1148 affect my system?
CVE-2008-1148 can allow attackers to guess sensitive values, such as DNS transaction IDs or IP fragmentation IDs, thus compromising network communication.
What versions are affected by CVE-2008-1148?
CVE-2008-1148 affects OpenBSD versions 3.5 through 4.2 and NetBSD versions 1.6.2 through 4.0.
How do I fix CVE-2008-1148?
To mitigate CVE-2008-1148, upgrade to newer versions of OpenBSD or NetBSD that have addressed this vulnerability.
Can CVE-2008-1148 be exploited remotely?
Yes, CVE-2008-1148 can be exploited remotely, allowing attackers to conduct DNS cache poisoning and other network-based attacks.
- collector/nvd-historical
- agent/type
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apple
- canonical/apple ios and macos
- version/apple ios and macos/10.0
- version/apple ios and macos/10.0.1
- version/apple ios and macos/10.0.2
- version/apple ios and macos/10.0.3
- version/apple ios and macos/10.0.4
- version/apple ios and macos/10.1
- version/apple ios and macos/10.1.1
- version/apple ios and macos/10.1.2
- version/apple ios and macos/10.1.3
- version/apple ios and macos/10.1.4
- version/apple ios and macos/10.1.5
- version/apple ios and macos/10.2
- version/apple ios and macos/10.2.1
- version/apple ios and macos/10.2.2
- version/apple ios and macos/10.2.3
- version/apple ios and macos/10.2.4
- version/apple ios and macos/10.2.5
- version/apple ios and macos/10.2.6
- version/apple ios and macos/10.2.7
- version/apple ios and macos/10.2.8
- version/apple ios and macos/10.3
- version/apple ios and macos/10.3.1
- version/apple ios and macos/10.3.2
- version/apple ios and macos/10.3.3
- version/apple ios and macos/10.3.4
- version/apple ios and macos/10.3.5
- version/apple ios and macos/10.3.6
- version/apple ios and macos/10.3.7
- version/apple ios and macos/10.3.8
- version/apple ios and macos/10.3.9
- version/apple ios and macos/10.4
- version/apple ios and macos/10.4.1
- version/apple ios and macos/10.4.2
- version/apple ios and macos/10.4.3
- version/apple ios and macos/10.4.4
- version/apple ios and macos/10.4.5
- version/apple ios and macos/10.4.6
- version/apple ios and macos/10.4.7
- version/apple ios and macos/10.4.8
- version/apple ios and macos/10.4.9
- version/apple ios and macos/10.4.10
- version/apple ios and macos/10.4.11
- version/apple ios and macos/10.5
- version/apple ios and macos/10.5.1
- vendor/dragonflybsd
- canonical/dragonflybsd
- version/dragonflybsd/1.0
- version/dragonflybsd/1.1
- version/dragonflybsd/1.2
- version/dragonflybsd/1.10.1
- vendor/freebsd
- canonical/freebsd kernel
- version/freebsd kernel/4.4
- version/freebsd kernel/4.4-release_p42
- version/freebsd kernel/4.4-releng
- version/freebsd kernel/4.4-stable
- version/freebsd kernel/4.5
- version/freebsd kernel/4.5-release
- version/freebsd kernel/4.5-release_p32
- version/freebsd kernel/4.5-releng
- version/freebsd kernel/4.5-stable
- version/freebsd kernel/4.6
- version/freebsd kernel/4.6-release
- version/freebsd kernel/4.6-release_p20
- version/freebsd kernel/4.6-releng
- version/freebsd kernel/4.6-stable
- version/freebsd kernel/4.6.2
- version/freebsd kernel/4.7
- version/freebsd kernel/4.7-release
- version/freebsd kernel/4.7-release_p17
- version/freebsd kernel/4.7-releng
- version/freebsd kernel/4.7-stable
- version/freebsd kernel/4.8
- version/freebsd kernel/4.8-release_p7
- version/freebsd kernel/4.8-releng
- version/freebsd kernel/4.8_prerelease
- version/freebsd kernel/4.9
- version/freebsd kernel/4.9-releng
- version/freebsd kernel/4.9_prerelease
- version/freebsd kernel/4.10
- version/freebsd kernel/4.10-release
- version/freebsd kernel/4.10-release_p8
- version/freebsd kernel/4.10-releng
- version/freebsd kernel/4.10_prerelease
- version/freebsd kernel/4.11-release_p3
- version/freebsd kernel/4.11-releng
- version/freebsd kernel/4.11-stable
- version/freebsd kernel/4.11_p20_release
- version/freebsd kernel/4.11_release
- version/freebsd kernel/5.0
- version/freebsd kernel/5.0-alpha
- version/freebsd kernel/5.0-release_p14
- version/freebsd kernel/5.0-releng
- version/freebsd kernel/5.1
- version/freebsd kernel/5.1-alpha
- version/freebsd kernel/5.1-release
- version/freebsd kernel/5.1-release_p5
- version/freebsd kernel/5.1-releng
- version/freebsd kernel/5.2
- version/freebsd kernel/5.2.1-release
- version/freebsd kernel/5.2.1-releng
- version/freebsd kernel/5.3
- version/freebsd kernel/5.3-release
- version/freebsd kernel/5.3-releng
- version/freebsd kernel/5.3-stable
- version/freebsd kernel/5.4-release
- version/freebsd kernel/5.4-releng
- version/freebsd kernel/5.4-stable
- version/freebsd kernel/5.5_release
- version/freebsd kernel/5.5_stable
- version/freebsd kernel/6.0
- version/freebsd kernel/6.0-release
- version/freebsd kernel/6.0-stable
- version/freebsd kernel/6.0_p5_release
- version/freebsd kernel/6.1
- version/freebsd kernel/6.1-release
- version/freebsd kernel/6.1-release_p10
- version/freebsd kernel/6.1-stable
- version/freebsd kernel/6.2
- version/freebsd kernel/6.2-stable
- version/freebsd kernel/6.2_releng
- version/freebsd kernel/6.3
- version/freebsd kernel/6.3_releng
- version/freebsd kernel/7.0-pre-release
- version/freebsd kernel/7.0_beta4
- version/freebsd kernel/7.0_releng
- vendor/netbsd
- canonical/netbsd current
- version/netbsd current/1.6.2
- version/netbsd current/2.0
- version/netbsd current/2.0.1
- version/netbsd current/2.0.2
- version/netbsd current/2.0.3
- version/netbsd current/2.0.4
- version/netbsd current/2.1
- version/netbsd current/2.1.1
- version/netbsd current/3.0.1
- version/netbsd current/3.0.2
- version/netbsd current/3.1
- version/netbsd current/3.1-rc1
- version/netbsd current/3.1-rc3
- version/netbsd current/4.0
- version/netbsd current/4.0-beta
- version/netbsd current/4.0-beta2
- vendor/openbsd
- canonical/openbsd
- version/openbsd/2.6
- version/openbsd/2.7
- version/openbsd/2.8
- version/openbsd/2.9
- version/openbsd/3.0
- version/openbsd/3.1
- version/openbsd/3.2
- version/openbsd/3.3
- version/openbsd/3.4
- version/openbsd/3.5
- version/openbsd/3.6
- version/openbsd/3.7
- version/openbsd/3.8
- version/openbsd/3.9
- version/openbsd/4.0
- version/openbsd/4.1
- version/openbsd/4.2
- vendor/cosmicperl
- canonical/cosmicperl directory pro
- version/cosmicperl directory pro/10.0.3
- vendor/darwin
- canonical/darwin
- version/darwin/1.0
- version/darwin/9.1
- vendor/navision
- canonical/microsoft dynamics nav
- version/microsoft dynamics nav/3.0