Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-3405

Опубликовано: 09 апр. 2015
Источник: redhat
CVSS2: 4
EPSS Низкий

Описание

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.

A flaw was found in the way the ntp-keygen utility generated MD5 symmetric keys on big-endian systems. An attacker could possibly use this flaw to guess generated MD5 keys, which could then be used to spoof an NTP client or server.

Отчет

This issue affects the versions of ntp as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5ntpWill not fix
Red Hat Enterprise Linux 6ntpFixedRHSA-2015:145921.07.2015
Red Hat Enterprise Linux 7ntpFixedRHSA-2015:223119.11.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-628->CWE-835
Дефект:
CWE-330
https://bugzilla.redhat.com/show_bug.cgi?id=1210324ntp: ntp-keygen may generate non-random symmetric keys on big-endian systems

EPSS

Процентиль: 90%
0.06205
Низкий

4 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-3405

CVSS3: 7.5
ubuntu
больше 8 лет назад

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.

nvd логотип

CVE-2015-3405

CVSS3: 7.5
nvd
больше 8 лет назад

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.

debian логотип

CVE-2015-3405

CVSS3: 7.5
debian
больше 8 лет назад

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 d ...

github логотип

GHSA-wwx9-mwhp-g8mc

CVSS3: 7.5
github
больше 3 лет назад

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.

suse-cvrf логотип

SUSE-SU-2015:0865-1

suse-cvrf
больше 10 лет назад

Security update for ntp

EPSS

Процентиль: 90%
0.06205
Низкий

4 Medium

CVSS2