CVE-2015-3405

ntp: ntp-keygen may generate non-random symmetric keys on big-endian systems

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.

ntp-keygen en ntp en versiones 4.2.8px anteriores a la 4.2.8p2-RC2 y en versiones 4.3.x anteriores a la 4.3.12 no genera claves MD5 con la suficiente entropía en máquinas big endian cuando el byte de menor orden de la variable temp se sitúa entre 0x20 y 0x7f y no #. Esto podría permitir que atacantes remotos obtengan el valor de las claves MD5 generadas mediante un ataque de fuerza bruta con las 93 claves posibles.

A flaw was found in the way the ntp-keygen utility generated MD5 symmetric keys on big-endian systems. An attacker could possibly use this flaw to guess generated MD5 keys, which could then be used to spoof an NTP client or server.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-04-23 CVE Reserved
2015-07-22 CVE Published
2023-11-13 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-330: Use of Insufficiently Random Values
CWE-331: Insufficient Entropy

CAPEC

References (15)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2015/04/23/14	Mailing List
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html	X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html	X_refsource_confirm
http://www.securityfocus.com/bid/74045	Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=1210324	2015-11-19

URL	Date	SRC
http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=55199296N2gFqH1Hm5GOnhrk9Ypygg	2023-02-13
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156248.html	2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00000.html	2023-02-13
http://rhn.redhat.com/errata/RHSA-2015-1459.html	2023-02-13
http://rhn.redhat.com/errata/RHSA-2015-2231.html	2023-02-13
http://www.debian.org/security/2015/dsa-3223	2023-02-13
http://www.debian.org/security/2015/dsa-3388	2023-02-13
https://bugs.ntp.org/show_bug.cgi?id=2797	2023-02-13
https://access.redhat.com/security/cve/CVE-2015-3405	2015-11-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8"		p1		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8"		p2		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8"		p2-rc1		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.3.0 Search vendor "Ntp" for product "Ntp" and version "4.3.0"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.3.1 Search vendor "Ntp" for product "Ntp" and version "4.3.1"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.3.2 Search vendor "Ntp" for product "Ntp" and version "4.3.2"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.3.3 Search vendor "Ntp" for product "Ntp" and version "4.3.3"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.3.4 Search vendor "Ntp" for product "Ntp" and version "4.3.4"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.3.5 Search vendor "Ntp" for product "Ntp" and version "4.3.5"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.3.6 Search vendor "Ntp" for product "Ntp" and version "4.3.6"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.3.7 Search vendor "Ntp" for product "Ntp" and version "4.3.7"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.3.8 Search vendor "Ntp" for product "Ntp" and version "4.3.8"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.3.9 Search vendor "Ntp" for product "Ntp" and version "4.3.9"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.3.10 Search vendor "Ntp" for product "Ntp" and version "4.3.10"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.3.11 Search vendor "Ntp" for product "Ntp" and version "4.3.11"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Opensuse Search vendor "Opensuse"		Suse Linux Enterprise Server Search vendor "Opensuse" for product "Suse Linux Enterprise Server"				11.0 Search vendor "Opensuse" for product "Suse Linux Enterprise Server" and version "11.0"		sp3		Affected
Opensuse Project Search vendor "Opensuse Project"		Suse Linux Enterprise Desktop Search vendor "Opensuse Project" for product "Suse Linux Enterprise Desktop"				11.0 Search vendor "Opensuse Project" for product "Suse Linux Enterprise Desktop" and version "11.0"		sp3		Affected
Suse Search vendor "Suse"		Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server"				11.0 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "11.0"		sp3, vmware		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				21 Search vendor "Fedoraproject" for product "Fedora" and version "21"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop"				6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Ibm Z Systems Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems"				6.0 Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems" and version "6.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Power Big Endian Search vendor "Redhat" for product "Enterprise Linux For Power Big Endian"				6.0 Search vendor "Redhat" for product "Enterprise Linux For Power Big Endian" and version "6.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Scientific Computing Search vendor "Redhat" for product "Enterprise Linux For Scientific Computing"				6.0 Search vendor "Redhat" for product "Enterprise Linux For Scientific Computing" and version "6.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server"				6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server From Rhui 6 Search vendor "Redhat" for product "Enterprise Linux Server From Rhui 6"				6.0 Search vendor "Redhat" for product "Enterprise Linux Server From Rhui 6" and version "6.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation"				6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0"		-		Affected