CVE-2008-1146
Published 2008-03-04
Priority P425 · medium · 6.8 · CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 1.38% (68.7th percentile)
A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning against OpenBSD's modification of BIND.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cosmicperl | directory_pro | — | — |
| darwin | darwin | — | — |
| darwin | darwin | — | — |
| navision | financials_server | — | — |
CVSS provenance
nvd · v2.0 · 6.8 · MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat · 7.2 · HIGH
GHSA
GHSA-c3px-pvp2-35hw · CVE-2008-1146 [MEDIUM]
ghsa_unreviewed · 2022-05-01
Red Hat
CVE-2011-1146 [HIGH] libvirt: several API calls do not honour read-only connection
vendor_redhat · 2011-03-02 · CVSS 7.2
libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086.
Package: libvirt (Red Hat Enterprise Linux 5) - Affected
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/28819
http://www.securiteam.com/securityreviews/5PP0H0UNGW.html
http://www.securityfocus.com/archive/1/487658
http://www.securityfocus.com/bid/27647
http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/40329