PT-2008-2742 · NetBSD+1

Published: 2008-03-04 · Updated: 2017-08-08 · CVE-2008-1148

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

OpenBSD versions 3.5 through 4.2
NetBSD versions 1.6.2 through 4.0

Description

A pseudo-random number generator (PRNG) algorithm, known as "Algorithm A0", is used in certain operating systems, allowing remote attackers to guess sensitive values, such as DNS transaction IDs or IP fragmentation IDs, by observing a sequence of previously generated values. This can be leveraged for attacks like DNS cache poisoning, injection into TCP packets, and OS fingerprinting.

Recommendations

For OpenBSD versions 3.5 through 4.2, consider updating to a version that uses a more secure PRNG algorithm. For NetBSD versions 1.6.2 through 4.0, consider updating to a version that uses a more secure PRNG algorithm. As a temporary workaround, consider restricting access to sensitive services that rely on the PRNG algorithm, such as DNS, until a patch is available.

Fix


Related Identifiers

CVE-2008-1148

Affected Products

NetBSD
OpenBSD