ID CVE-2015-3405
Summary ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.
References
Vulnerable Configurations
  • cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.8:p2_rc1:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:suse_linux_enterprise_server:11.0:sp3:*:*:*:*:*:*
  • cpe:2.3:o:opensuse_project:suse_linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux_enterprise_server:11.0:sp3:*:*:*:vmware:*:*
  • cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_from_rhui_6:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 28-08-2018 - 10:29)
Impact:
Exploitability:
CWE CWE-331
CAPEC
  • Session Credential Falsification through Prediction
    This attack targets predictable session IDs in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: NONE
  • Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
redhat via4
advisories
  • bugzilla
    id 1210324
    title CVE-2015-3405 ntp: ntp-keygen may generate non-random symmetric keys on big-endian systems
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment ntp is earlier than 0:4.2.6p5-5.el6
          oval oval:com.redhat.rhsa:tst:20151459007
        • comment ntp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20142024006
      • AND
        • comment ntp-doc is earlier than 0:4.2.6p5-5.el6
          oval oval:com.redhat.rhsa:tst:20151459011
        • comment ntp-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20142024010
      • AND
        • comment ntp-perl is earlier than 0:4.2.6p5-5.el6
          oval oval:com.redhat.rhsa:tst:20151459005
        • comment ntp-perl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20142024014
      • AND
        • comment ntpdate is earlier than 0:4.2.6p5-5.el6
          oval oval:com.redhat.rhsa:tst:20151459009
        • comment ntpdate is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20142024012
    rhsa
    id RHSA-2015:1459
    released 2015-07-22
    severity Moderate
    title RHSA-2015:1459: ntp security, bug fix, and enhancement update (Moderate)
  • bugzilla
    id 1210324
    title CVE-2015-3405 ntp: ntp-keygen may generate non-random symmetric keys on big-endian systems
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment ntp is earlier than 0:4.2.6p5-22.el7
          oval oval:com.redhat.rhsa:tst:20152231005
        • comment ntp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20142024006
      • AND
        • comment ntp-doc is earlier than 0:4.2.6p5-22.el7
          oval oval:com.redhat.rhsa:tst:20152231011
        • comment ntp-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20142024010
      • AND
        • comment ntp-perl is earlier than 0:4.2.6p5-22.el7
          oval oval:com.redhat.rhsa:tst:20152231013
        • comment ntp-perl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20142024014
      • AND
        • comment ntpdate is earlier than 0:4.2.6p5-22.el7
          oval oval:com.redhat.rhsa:tst:20152231009
        • comment ntpdate is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20142024012
      • AND
        • comment sntp is earlier than 0:4.2.6p5-22.el7
          oval oval:com.redhat.rhsa:tst:20152231007
        • comment sntp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20142024008
    rhsa
    id RHSA-2015:2231
    released 2015-11-19
    severity Moderate
    title RHSA-2015:2231: ntp security, bug fix, and enhancement update (Moderate)
rpms
  • ntp-0:4.2.6p5-5.el6
  • ntp-doc-0:4.2.6p5-5.el6
  • ntp-perl-0:4.2.6p5-5.el6
  • ntpdate-0:4.2.6p5-5.el6
  • ntp-0:4.2.6p5-22.el7
  • ntp-doc-0:4.2.6p5-22.el7
  • ntp-perl-0:4.2.6p5-22.el7
  • ntpdate-0:4.2.6p5-22.el7
  • sntp-0:4.2.6p5-22.el7
refmap via4
bid 74045
confirm
debian
  • DSA-3223
  • DSA-3388
fedora FEDORA-2015-5830
mlist [oss-security] 20150423 Re: CVE request: ntp-keygen may generate non-random symmetric keys on big-endian systems
suse SUSE-SU-2015:1173
Last major update 28-08-2018 - 10:29
Published 09-08-2017 - 16:29