Home > Vulnerability Database > CVE-2015-3405

Mend.io Vulnerability Database

CVE-2015-3405

Date: August 9, 2017

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.

Severity Score

7.5

Related Resources (19)

Url: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us

Url: http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

Url: https://security-tracker.debian.org/tracker/CVE-2015-3405

Url: https://bugs.ntp.org/show_bug.cgi?id=2797

Url: http://www.debian.org/security/2015/dsa-3388

Url: http://www.debian.org/security/2015/dsa-3223

Url: http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00000.html

Url: http://rhn.redhat.com/errata/RHSA-2015-1459.html

Url: http://www.securityfocus.com/bid/74045

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1210324

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-3405

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2015-3405

Url: http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Url: http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156248.html

Url: http://rhn.redhat.com/errata/RHSA-2015-2231.html

Url: http://www.openwall.com/lists/oss-security/2015/04/23/14

Url: http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=55199296N2gFqH1Hm5GOnhrk9Ypygg

Url: https://access.redhat.com/security/cve/CVE-2015-3405

Url: https://www.mend.io/vulnerability-database/CVE-2015-3405

Severity Score

7.5

Weakness Type (CWE)

Insufficient Entropy

CWE-331

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2015-3405

Date: August 9, 2017

Severity Score

Related Resources (19)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?