CVE-2015-3405 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Ntp	Ntp	4.2.8
Debian	Debian Linux	7.0
Opensuse	Suse Linux Enterprise Server	11.0
Opensuse Project	Suse Linux Enterprise Desktop	11.0
Suse	Suse Linux Enterprise Server	11.0
Fedoraproject	Fedora	21
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux For Ibm Z Systems	6.0
Redhat	Enterprise Linux For Power Big Endian	6.0
Redhat	Enterprise Linux For Scientific Computing	6.0
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Server From Rhui 6	6.0
Redhat	Enterprise Linux Workstation	6.0

Related Weaknesses (CWE)

CWE-331

References

http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=55199296N2gFqH1Hm5GOnhrk9YpyggThird Party AdvisoryVendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156248.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00000.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1459.htmlThird Party AdvisoryVDB Entry
http://rhn.redhat.com/errata/RHSA-2015-2231.htmlThird Party AdvisoryVDB Entry
http://www.debian.org/security/2015/dsa-3223Third Party Advisory
http://www.debian.org/security/2015/dsa-3388Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/04/23/14Mailing ListThird Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.h
http://www.securityfocus.com/bid/74045Third Party AdvisoryVDB Entry
https://bugs.ntp.org/show_bug.cgi?id=2797Issue TrackingThird Party AdvisoryVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1210324Issue TrackingPatchThird Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpe
http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=55199296N2gFqH1Hm5GOnhrk9YpyggThird Party AdvisoryVendor Advisory

FAQ

What is CVE-2015-3405?

CVE-2015-3405 is a vulnerability with a CVSS score of 7.5 (HIGH). ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is betwee...

How severe is CVE-2015-3405?

CVE-2015-3405 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-3405?

Check the references section above for vendor advisories and patch information. Affected products include: Ntp Ntp, Debian Debian Linux, Opensuse Suse Linux Enterprise Server, Opensuse Project Suse Linux Enterprise Desktop, Suse Suse Linux Enterprise Server.