CVE - CVE-2015-3405

CVE-ID
CVE-2015-3405	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:74045 URL:http://www.securityfocus.com/bid/74045 MISC:DSA-3223 URL:http://www.debian.org/security/2015/dsa-3223 MISC:DSA-3388 URL:http://www.debian.org/security/2015/dsa-3388 MISC:FEDORA-2015-5830 URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156248.html MISC:RHSA-2015:1459 URL:http://rhn.redhat.com/errata/RHSA-2015-1459.html MISC:RHSA-2015:2231 URL:http://rhn.redhat.com/errata/RHSA-2015-2231.html MISC:SUSE-SU-2015:1173 URL:http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00000.html MISC:[oss-security] 20150423 Re: CVE request: ntp-keygen may generate non-random symmetric keys on big-endian systems URL:http://www.openwall.com/lists/oss-security/2015/04/23/14 MISC:http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=55199296N2gFqH1Hm5GOnhrk9Ypygg URL:http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=55199296N2gFqH1Hm5GOnhrk9Ypygg MISC:http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html URL:http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html MISC:http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html URL:http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html MISC:https://bugs.ntp.org/show_bug.cgi?id=2797 URL:https://bugs.ntp.org/show_bug.cgi?id=2797 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1210324 URL:https://bugzilla.redhat.com/show_bug.cgi?id=1210324 MISC:https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us URL:https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us
Assigning CNA
Red Hat, Inc.
Date Record Created
20150423	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20150423)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.