CVE-2008-1148

A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting.

Published: 2008-03-04 Last update: 2026-04-23 Assigner: [email protected] Source: [email protected]

NVD Status：Modified，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2008-1148 is rated Moderate Risk (51.9/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 1.42%). Mandatory action: Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2008-1148

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	0.97%	1.42%	+0.45%
2	2025-03-17	3.08%	0.97%	-2.10%
3	2025-02-13	—	3.08%	—

Full EPSS history (10 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2008-1148

CVSS metrics for this CVE.

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
6.8	2.0	MEDIUM	`AV:N/AC:M/Au:N/C:P/I:P/A:P` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:M) Exploitation needs some favorable conditions, but not exceptional ones. Authentication (AU:N) No authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:P) Partial availability impact.	8.6	6.4	[email protected]

Weakness enumeration for CVE-2008-1148

Affected software / configurations for CVE-2008-1148

Vendor	Product	Version	Raw CPE
cosmicperl	directory_pro	10.0.3	cpe:2.3:a:cosmicperl:directory_pro:10.0.3:::::::*
darwin	darwin	1.0	cpe:2.3:a:darwin:darwin:1.0:::::::*
darwin	darwin	9.1	cpe:2.3:a:darwin:darwin:9.1:::::::*
navision	financials_server	3.0	cpe:2.3:a:navision:financials_server:3.0:::::::*

References for CVE-2008-1148

URL	Tags
http://secunia.com/advisories/28819	Vendor Advisory
http://www.securiteam.com/securityreviews/5PP0H0UNGW.html
http://www.securityfocus.com/archive/1/487658
http://www.securityfocus.com/bid/27647
http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/40329
https://exchange.xforce.ibmcloud.com/vulnerabilities/41157

cvelogic Threat Intelligence