Описание
util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keygen; the default installation does not contain such keys.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | ntp | Affected | ||
| Red Hat Enterprise Linux 5 | ntp | Fixed | RHSA-2014:2025 | 20.12.2014 |
| Red Hat Enterprise Linux 6 | ntp | Fixed | RHSA-2014:2024 | 20.12.2014 |
| Red Hat Enterprise Linux 6.5 Extended Update Support | ntp | Fixed | RHSA-2015:0104 | 28.01.2015 |
| Red Hat Enterprise Linux 7 | ntp | Fixed | RHSA-2014:2024 | 20.12.2014 |
Показывать по
Дополнительная информация
Статус:
4 Medium
CVSS2
Связанные уязвимости
util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RN ...
util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
Уязвимость микропрограммного обеспечения системы коммуникаций Cisco Unified Communications Manager, позволяющая удаленному злоумышленнику обойти механизм защиты устройства
4 Medium
CVSS2