CVE-2015-3405 : ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.

Published 2017-08-09 16:29:00

Updated 2023-02-13 00:49:45

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2015-3405

Probability of exploitation activity in the next 30 days: 0.30%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 66 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2015-3405

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2015-3405

CWE-331 Insufficient Entropy

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-3405

http://rhn.redhat.com/errata/RHSA-2015-1459.html

RHSA-2015:1459 - Security Advisory - Red Hat Customer Portal
Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.securityfocus.com/bid/74045

NTP 'ntp-keygen.c' Predictable Random Number Generator Weakness
Third Party Advisory;VDB Entry
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00000.html

[security-announce] SUSE-SU-2015:1173-1: important: Security update for
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

Oracle Solaris Third Party Bulletin - April 2015

CVEs referencing this url
https://bugs.ntp.org/show_bug.cgi?id=2797

Bug 2797 – ntp-keygen trapped in endless loop for MD5 keys on big-endian machines
Issue Tracking;Third Party Advisory;Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-2231.html

RHSA-2015:2231 - Security Advisory - Red Hat Customer Portal
Third Party Advisory;VDB Entry
http://www.openwall.com/lists/oss-security/2015/04/23/14

oss-security - Re: CVE request: ntp-keygen may generate non-random symmetric keys on big-endian systems
Mailing List;Third Party Advisory
http://www.debian.org/security/2015/dsa-3388

Debian -- Security Information -- DSA-3388-1 ntp
Third Party Advisory

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156248.html

[SECURITY] Fedora 21 Update: ntp-4.2.6p5-30.fc21
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Oracle Linux Bulletin - October 2015

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1210324

1210324 – (CVE-2015-3405) CVE-2015-3405 ntp: ntp-keygen may generate non-random symmetric keys on big-endian systems
Issue Tracking;Patch;Third Party Advisory;VDB Entry
http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=55199296N2gFqH1Hm5GOnhrk9Ypygg

All diffs for ChangeSet 1.3308.4.1
Third Party Advisory;Vendor Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us

HPESBHF03886 rev.1 - HPE Comware 5 and Comware 7 Switches and Routers using NTP, Remote Denial of Service

CVEs referencing this url
http://www.debian.org/security/2015/dsa-3223

Debian -- Security Information -- DSA-3223-1 ntp
Third Party Advisory

CVEs referencing this url

Products affected by CVE-2015-3405

Debian » Debian Linux » Version: 7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Scientific Computing » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Power Big Endian » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Ibm Z Systems » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server From Rhui 6 » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server_from_rhui_6:6.0:*:*:*:*:*:*:*
Matching versions
Suse » Suse Linux Enterprise Server » Version: 11.0 Update SP3 For Vmware
cpe:2.3:o:suse:suse_linux_enterprise_server:11.0:sp3:*:*:*:vmware:*:*
Matching versions
NTP » NTP » Version: 4.3.0
cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.3.1
cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.3.8
cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.3.9
cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.3.6
cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.3.7
cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.2.8 Update P2-rc1
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.3.2
cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.3.3
cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.3.10
cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.3.11
cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.3.4
cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.3.5
cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.2.8 Update P1
cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.2.8 Update P2
cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 21
cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
Matching versions
Opensuse » Suse Linux Enterprise Server » Version: 11.0 Update SP3
cpe:2.3:o:opensuse:suse_linux_enterprise_server:11.0:sp3:*:*:*:*:*:*
Matching versions
Opensuse Project » Suse Linux Enterprise Desktop » Version: 11.0 Update SP3
cpe:2.3:o:opensuse_project:suse_linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2015-3405

Exploit prediction scoring system (EPSS) score for CVE-2015-3405

CVSS scores for CVE-2015-3405

CWE ids for CVE-2015-3405

References for CVE-2015-3405

Products affected by CVE-2015-3405