ID

VAR-200803-0322


CVE

CVE-2008-1146


TITLE

OpenBSD Used in PRNG Vulnerabilities whose important values are inferred in allegorism

Trust: 0.8

sources: JVNDB: JVNDB-2008-002798

DESCRIPTION

A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning against OpenBSD's modification of BIND. A PRNG originating in OpenBSD is prone to a weakness that exposes DNS cache-poisoning and predictable IP ID sequence issues. This issue stems from a flaw in the linear congruential generator (LCG) pseudo-random number generator (PRNG) algorithm. The attacker may also predict IP ID sequences, allowing them to perform OS fingerprinting, network idle-scanning, and potentially TCP blind data-injection attacks. The BIND 9 server included in OpenBSD 3.3 through to 4.2 is vulnerable to this issue. The vulnerable PRNG algorithm and variants are also used in the IP ID sequence generation in OpenBSD 2.6 through to 4.2. The vulnerable PRNG has also been ported to other operating systems, including: Mac OS X and Mac OS X Server 10.0 through to 10.5.1 Darwin 1.0 through to 9.1 FreeBSD 4.4 through to 7.0 NetBSD 1.6.2 through to 4.0 DragonFlyBSD 1.0 through to 1.10.1. FreeBSD, NetBSD, and DragonFlyBSD are affected only if they enable the PRNG's use through the 'net.inet.ip.random_id' sysctl to 1. This is a nondefault configuration change. Other operating systems and versions may also be affected. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: OpenBSD DNS Server PRNG Transaction ID Vulnerability SECUNIA ADVISORY ID: SA28819 VERIFY ADVISORY: http://secunia.com/advisories/28819/ CRITICAL: Moderately critical IMPACT: Spoofing WHERE: >From remote OPERATING SYSTEM: OpenBSD 3.x http://secunia.com/product/100/ OpenBSD 4.0 http://secunia.com/product/12486/ OpenBSD 4.1 http://secunia.com/product/16044/ OpenBSD 4.2 http://secunia.com/product/16045/ DESCRIPTION: Amit Klein has reported a vulnerability in OpenBSD, which can be exploited by malicious people to poison the DNS cache. The vulnerability is caused due to a weakness within the OpenBSD DNS server's pseudo random number generator (PRNG). This can be exploited to obtain the DNS transaction ID and poison the DNS cache. The vulnerability is reported in OpenBSD versions 3.3 to 4.2. SOLUTION: Do not rely on the information returned by an OpenBSD DNS server. PROVIDED AND/OR DISCOVERED BY: Amit Klein, Trusteer ORIGINAL ADVISORY: http://www.trusteer.com/docs/dnsopenbsd.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2008-1146 // JVNDB: JVNDB-2008-002798 // BID: 27647 // VULHUB: VHN-31271 // PACKETSTORM: 63365

AFFECTED PRODUCTS

vendor:navisionmodel:financials serverscope:eqversion:3.0

Trust: 1.3

vendor:darwinmodel:darwinscope:eqversion:9.1

Trust: 1.3

vendor:darwinmodel:darwinscope:eqversion:1.0

Trust: 1.3

vendor:cosmicperlmodel:directory proscope:eqversion:10.0.3

Trust: 1.3

vendor:freebsdmodel:freebsdscope:eqversion:4.10

Trust: 0.9

vendor:freebsdmodel:freebsdscope:eqversion:4.9

Trust: 0.9

vendor:freebsdmodel:freebsdscope:eqversion:4.8

Trust: 0.9

vendor:freebsdmodel:freebsdscope:eqversion:4.7

Trust: 0.9

vendor:freebsdmodel:freebsdscope:eqversion:4.6.2

Trust: 0.9

vendor:freebsdmodel:freebsdscope:eqversion:4.6

Trust: 0.9

vendor:openbsdmodel:openbsdscope:eqversion:3.4 2.8 to 4.2

Trust: 0.8

vendor:openbsdmodel:openbsdscope:eqversion:2.9

Trust: 0.3

vendor:openbsdmodel:openbsdscope:eqversion:2.8

Trust: 0.3

vendor:openbsdmodel:openbsdscope:eqversion:2.7

Trust: 0.3

vendor:openbsdmodel:openbsdscope:eqversion:2.6

Trust: 0.3

vendor:openbsdmodel:openbsdscope:eqversion:4.2

Trust: 0.3

vendor:openbsdmodel:openbsdscope:eqversion:4.1

Trust: 0.3

vendor:openbsdmodel:openbsdscope:eqversion:4.0

Trust: 0.3

vendor:openbsdmodel:openbsdscope:eqversion:3.9

Trust: 0.3

vendor:openbsdmodel:openbsdscope:eqversion:3.8

Trust: 0.3

vendor:openbsdmodel:openbsdscope:eqversion:3.7

Trust: 0.3

vendor:openbsdmodel:openbsdscope:eqversion:3.6

Trust: 0.3

vendor:openbsdmodel:openbsdscope:eqversion:3.5

Trust: 0.3

vendor:openbsdmodel:openbsdscope:eqversion:3.4

Trust: 0.3

vendor:openbsdmodel:openbsdscope:eqversion:3.3

Trust: 0.3

vendor:openbsdmodel:openbsdscope:eqversion:3.2

Trust: 0.3

vendor:openbsdmodel:openbsdscope:eqversion:3.1

Trust: 0.3

vendor:openbsdmodel:openbsdscope:eqversion:3.0

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:3.0.2

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:3.0.1

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:2.1

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:2.0.3

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:2.0.2

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:2.0.1

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:2.0

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:1.6.2

Trust: 0.3

vendor:netbsdmodel:beta2scope:eqversion:4.0

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:4.0

Trust: 0.3

vendor:netbsdmodel:4,0 betascope: - version: -

Trust: 0.3

vendor:netbsdmodel:3.1 rc3scope: - version: -

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:3.1

Trust: 0.3

vendor:netbsdmodel:3,1 rc1scope: - version: -

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:2.1.1

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:2.0.4

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:6.0.x

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:6.0

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:6.0

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:5.5

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:5.5

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:5.4

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:5.4

Trust: 0.3

vendor:freebsdmodel:-prereleasescope:eqversion:5.4

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:5.3

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:5.3

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:5.3

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:5.3

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:5.2.1

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:5.2

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:5.2

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:5.2

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:5.1

Trust: 0.3

vendor:freebsdmodel:-release/alphascope:eqversion:5.1

Trust: 0.3

vendor:freebsdmodel:-release-p5scope:eqversion:5.1

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:5.1

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:5.1

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:5.0.x

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:5.0

Trust: 0.3

vendor:freebsdmodel:-release-p14scope:eqversion:5.0

Trust: 0.3

vendor:freebsdmodel:alphascope:eqversion:5.0

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:5.0

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:4.11

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:4.11

Trust: 0.3

vendor:freebsdmodel:-release-p3scope:eqversion:4.11

Trust: 0.3

vendor:freebsdmodel:-release-p20scope:eqversion:4.11

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:4.11

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:4.10

Trust: 0.3

vendor:freebsdmodel:-release-p8scope:eqversion:4.10

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:4.10

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:4.9

Trust: 0.3

vendor:freebsdmodel:-prereleasescope:eqversion:4.9

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:4.8

Trust: 0.3

vendor:freebsdmodel:-release-p7scope:eqversion:4.8

Trust: 0.3

vendor:freebsdmodel:-prereleasescope:eqversion:4.8

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:4.7

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:4.7

Trust: 0.3

vendor:freebsdmodel:-release-p17scope:eqversion:4.7

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:4.7

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:4.6

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:4.6

Trust: 0.3

vendor:freebsdmodel:-release-p20scope:eqversion:4.6

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:4.6

Trust: 0.3

vendor:freebsdmodel:-stablepre2002-03-07scope:eqversion:4.5

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:4.5

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:4.5

Trust: 0.3

vendor:freebsdmodel:-release-p32scope:eqversion:4.5

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:4.5

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:4.5

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:4.4

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:4.4

Trust: 0.3

vendor:freebsdmodel:-release-p42scope:eqversion:4.4

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:4.4

Trust: 0.3

vendor:freebsdmodel:beta4scope:eqversion:7.0

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:7.0

Trust: 0.3

vendor:freebsdmodel:-prereleasescope:eqversion:7.0

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:6.3

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:6.3

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:6.2

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:6.2

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:6.2

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:6.1

Trust: 0.3

vendor:freebsdmodel:-release-p10scope:eqversion:6.1

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:6.1

Trust: 0.3

vendor:freebsdmodel:-release-p5scope:eqversion:6.0

Trust: 0.3

vendor:freebsdmodel:5.4-stablescope: - version: -

Trust: 0.3

vendor:freebsdmodel:4.10-prereleasescope: - version: -

Trust: 0.3

vendor:dragonflybsdmodel:dragonflybsdscope:eqversion:1.10.1

Trust: 0.3

vendor:dragonflybsdmodel:dragonflybsdscope:eqversion:1.2

Trust: 0.3

vendor:dragonflybsdmodel:dragonflybsdscope:eqversion:1.1

Trust: 0.3

vendor:dragonflybsdmodel:dragonflybsdscope:eqversion:1.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.11

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.10

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.9

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.9

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.11

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.10

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.9

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.9

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5

Trust: 0.3

vendor:openbsdmodel:openbsdscope:neversion:4.3

Trust: 0.3

sources: BID: 27647 // JVNDB: JVNDB-2008-002798 // CNNVD: CNNVD-200803-038 // NVD: CVE-2008-1146

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-1146
value: MEDIUM

Trust: 1.0

NVD: CVE-2008-1146
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200803-038
value: MEDIUM

Trust: 0.6

VULHUB: VHN-31271
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-1146
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-31271
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-31271 // JVNDB: JVNDB-2008-002798 // CNNVD: CNNVD-200803-038 // NVD: CVE-2008-1146

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-DesignError

Trust: 0.8

sources: JVNDB: JVNDB-2008-002798 // NVD: CVE-2008-1146

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200803-038

TYPE

Design Error

Trust: 0.9

sources: BID: 27647 // CNNVD: CNNVD-200803-038

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-002798

PATCH

title:Top Pageurl:http://www.openbsd.org/

Trust: 0.8

sources: JVNDB: JVNDB-2008-002798

EXTERNAL IDS

db:NVDid:CVE-2008-1146

Trust: 2.8

db:BIDid:27647

Trust: 2.0

db:SECUNIAid:28819

Trust: 1.8

db:JVNDBid:JVNDB-2008-002798

Trust: 0.8

db:CNNVDid:CNNVD-200803-038

Trust: 0.7

db:XFid:40329

Trust: 0.6

db:BUGTRAQid:20080206 A PAPER BY AMIT KLEIN (TRUSTEER): "OPENBSD DNS CACHE POISONING AND MULTIPLE O/S PREDICTABLE IP ID VULNERABILITY"

Trust: 0.6

db:VULHUBid:VHN-31271

Trust: 0.1

db:PACKETSTORMid:63365

Trust: 0.1

sources: VULHUB: VHN-31271 // BID: 27647 // JVNDB: JVNDB-2008-002798 // PACKETSTORM: 63365 // CNNVD: CNNVD-200803-038 // NVD: CVE-2008-1146

REFERENCES

url:http://www.trusteer.com/docs/openbsd_dns_cache_poisoning_and_multiple_os_predictable_ip_id_vulnerability.pdf

Trust: 2.0

url:http://www.securityfocus.com/bid/27647

Trust: 1.7

url:http://www.securityfocus.com/archive/1/487658

Trust: 1.7

url:http://www.securiteam.com/securityreviews/5pp0h0ungw.html

Trust: 1.7

url:http://secunia.com/advisories/28819

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/40329

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1146

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1146

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/40329

Trust: 0.6

url:http://www.trusteer.com/docs/dnsopenbsd.html

Trust: 0.4

url:http://www.openbsd.org/plus43.html

Trust: 0.3

url:http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_id.c?rev=1.10;content-%20%0dtype=text%252fx-cvsweb-markup%20%0d

Trust: 0.3

url:http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet/ip_id.c?rev=1.12&content-type=text/x-cvsweb-markup

Trust: 0.3

url:http://www.dragonflybsd.org/cvsweb/src/sys/netinet/ip_id.c?rev=1.7&content-type=text/x-cvsweb-markup

Trust: 0.3

url:http://www.openbsd.org/errata.html

Trust: 0.3

url:http://www.openbsd.org

Trust: 0.3

url:/archive/1/487658

Trust: 0.3

url:http://secunia.com/product/12486/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/16045/

Trust: 0.1

url:http://secunia.com/advisories/28819/

Trust: 0.1

url:https://psi.secunia.com/?page=changelog

Trust: 0.1

url:https://psi.secunia.com/

Trust: 0.1

url:http://secunia.com/product/100/

Trust: 0.1

url:http://secunia.com/product/16044/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-31271 // BID: 27647 // JVNDB: JVNDB-2008-002798 // PACKETSTORM: 63365 // CNNVD: CNNVD-200803-038 // NVD: CVE-2008-1146

CREDITS

Amit Klein discovered this vulnerability.

Trust: 0.9

sources: BID: 27647 // CNNVD: CNNVD-200803-038

SOURCES

db:VULHUBid:VHN-31271
db:BIDid:27647
db:JVNDBid:JVNDB-2008-002798
db:PACKETSTORMid:63365
db:CNNVDid:CNNVD-200803-038
db:NVDid:CVE-2008-1146

LAST UPDATE DATE

2024-11-23T22:14:46.874000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-31271date:2017-08-08T00:00:00
db:BIDid:27647date:2016-07-06T14:17:00
db:JVNDBid:JVNDB-2008-002798date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200803-038date:2008-09-05T00:00:00
db:NVDid:CVE-2008-1146date:2024-11-21T00:43:47.150

SOURCES RELEASE DATE

db:VULHUBid:VHN-31271date:2008-03-04T00:00:00
db:BIDid:27647date:2008-02-06T00:00:00
db:JVNDBid:JVNDB-2008-002798date:2012-06-26T00:00:00
db:PACKETSTORMid:63365date:2008-02-07T20:01:13
db:CNNVDid:CNNVD-200803-038date:2008-03-04T00:00:00
db:NVDid:CVE-2008-1146date:2008-03-04T23:44:00