CVE - CVE-2015-3405

CVE-ID
CVE-2015-3405	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[oss-security] 20150423 Re: CVE request: ntp-keygen may generate non-random symmetric keys on big-endian systems URL:http://www.openwall.com/lists/oss-security/2015/04/23/14 CONFIRM:http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=55199296N2gFqH1Hm5GOnhrk9Ypygg CONFIRM:https://bugs.ntp.org/show_bug.cgi?id=2797 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1210324 CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html CONFIRM:https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us DEBIAN:DSA-3223 URL:http://www.debian.org/security/2015/dsa-3223 DEBIAN:DSA-3388 URL:http://www.debian.org/security/2015/dsa-3388 FEDORA:FEDORA-2015-5830 URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156248.html REDHAT:RHSA-2015:1459 URL:http://rhn.redhat.com/errata/RHSA-2015-1459.html REDHAT:RHSA-2015:2231 URL:http://rhn.redhat.com/errata/RHSA-2015-2231.html SUSE:SUSE-SU-2015:1173 URL:http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00000.html BID:74045 URL:http://www.securityfocus.com/bid/74045
Assigning CNA
N/A
Date Entry Created
20150423	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20150423)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org