CVE-2015-3405

CVSS V2 Medium 5 CVSS V3 High 7.5

Description

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.

Overview

CVE ID
CVE-2015-3405

Assigner
secalert@redhat.com

Vulnerability Status
Modified

Published Version
2017-08-09T16:29:00

Last Modified Date
2023-02-13T00:49:44

Weakness Enumerations

CWE	URL
CWE-331	http://cwe.mitre.org/data/definitions/331.html

CPE Configuration (Product)

CPE	Vulnerable	Operator
cpe:2.3:a:ntp:ntp:4.2.8:p1::::::	1	OR
cpe:2.3:a:ntp:ntp:4.2.8:p2::::::	1	OR
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1::::::	1	OR
cpe:2.3:a:ntp:ntp:4.3.0:::::::*	1	OR
cpe:2.3:a:ntp:ntp:4.3.1:::::::*	1	OR
cpe:2.3:a:ntp:ntp:4.3.2:::::::*	1	OR
cpe:2.3:a:ntp:ntp:4.3.3:::::::*	1	OR
cpe:2.3:a:ntp:ntp:4.3.4:::::::*	1	OR
cpe:2.3:a:ntp:ntp:4.3.5:::::::*	1	OR
cpe:2.3:a:ntp:ntp:4.3.6:::::::*	1	OR
cpe:2.3:a:ntp:ntp:4.3.7:::::::*	1	OR
cpe:2.3:a:ntp:ntp:4.3.8:::::::*	1	OR
cpe:2.3:a:ntp:ntp:4.3.9:::::::*	1	OR
cpe:2.3:a:ntp:ntp:4.3.10:::::::*	1	OR
cpe:2.3:a:ntp:ntp:4.3.11:::::::*	1	OR
cpe:2.3:o:debian:debian_linux:7.0:::::::*	1	OR
cpe:2.3:o:debian:debian_linux:8.0:::::::*	1	OR
cpe:2.3:o:opensuse:suse_linux_enterprise_server:11.0:sp3::::::	1	OR
cpe:2.3:o:opensuse_project:suse_linux_enterprise_desktop:11.0:sp3::::::	1	OR
cpe:2.3:o:suse:suse_linux_enterprise_server:11.0:sp3::::vmware::*	1	OR
cpe:2.3:o:fedoraproject:fedora:21:::::::*	1	OR
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*	1	OR
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0:::::::*	1	OR
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:::::::*	1	OR
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:::::::*	1	OR
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*	1	OR
cpe:2.3:o:redhat:enterprise_linux_server_from_rhui_6:6.0:::::::*	1	OR
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector
NETWORK

Access Compatibility
LOW

Authentication
NONE

Confidentiality Impact
PARTIAL

Integrity Impact
NONE

Availability Impact
NONE

Base Score
5

Severity
MEDIUM

Exploitability Score
10

Impact Score
2.9

CVSS Version 3

Version
3.0

Vector String
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector
NETWORK

Attack Compatibility
LOW

Privileges Required
NONE

User Interaction
NONE

Scope
UNCHANGED

Confidentiality Impact
HIGH

Availability Impact
NONE

Base Score
7.5

Base Severity
HIGH

Exploitability Score
3.9

Impact Score
3.6

References

Reference URL	Reference Tags
http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=55199296N2gFqH1Hm5GOnhrk9Ypygg	Third Party Advisory Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156248.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00000.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1459.html	Third Party Advisory VDB Entry
http://rhn.redhat.com/errata/RHSA-2015-2231.html	Third Party Advisory VDB Entry
http://www.debian.org/security/2015/dsa-3223	Third Party Advisory
http://www.debian.org/security/2015/dsa-3388	Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/04/23/14	Mailing List Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/74045	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2015:1459
https://access.redhat.com/errata/RHSA-2015:2231
https://access.redhat.com/security/cve/CVE-2015-3405
https://bugs.ntp.org/show_bug.cgi?id=2797	Issue Tracking Third Party Advisory Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1210324	Issue Tracking Patch Third Party Advisory VDB Entry
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2015-3405
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3405

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 17:30:20				Added to TrackCVE
2022-12-02 19:47:09	2017-08-09T16:29Z	2017-08-09T16:29:00	CVE Published Date	updated
2022-12-02 19:47:09		2020-05-28T14:08:04	CVE Modified Date	updated
2022-12-02 19:47:09		Modified	Vulnerability Status	updated
2023-02-02 16:06:39		2023-02-02T15:16:45	CVE Modified Date	updated
2023-02-02 16:06:39	ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.	A flaw was found in the way the ntp-keygen utility generated MD5 symmetric keys on big-endian systems. An attacker could possibly use this flaw to guess generated MD5 keys, which could then be used to spoof an NTP client or server.	Description	updated
2023-02-02 16:06:41			References	updated
2023-02-13 01:07:08		2023-02-13T00:49:44	CVE Modified Date	updated
2023-02-13 01:07:09	A flaw was found in the way the ntp-keygen utility generated MD5 symmetric keys on big-endian systems. An attacker could possibly use this flaw to guess generated MD5 keys, which could then be used to spoof an NTP client or server.	ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.	Description	updated