PT-2017-6668 · Nts+3 · Ntp+3

Martin Prpič

Publicado

2015-04-12

Atualizado

2023-02-13

CVE-2015-3405

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions ntp versions 4.2.8px through 4.2.8p2-RC2 ntp versions 4.3.x through 4.3.12

Description The issue is related to the generation of MD5 keys with insufficient entropy on big endian machines under specific conditions. This might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack. The estimated number of possible keys is 93.

Recommendations For ntp versions 4.2.8px through 4.2.8p2-RC2, update to version 4.2.8p2-RC2 or later. For ntp versions 4.3.x through 4.3.12, update to version 4.3.12 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-331

Identificadores relacionados

CESA-2015_1459

CESA-2015_2231

CVE-2015-3405

DLA-192-1

DSA-3223-1

DSA-3388-1

RHSA-2015:1459

RHSA-2015:2231

RHSA-2015_1459

RHSA-2015_2231

SUSE-SU-2015:0259-1

SUSE-SU-2015:0259-3

SUSE-SU-2015:0865-1

SUSE-SU-2015:1173-1

USN-2567-1

Produtos afetados

Centos

Red Hat

Suse

Ntp

PT-2017-6668 · Nts+3 · Ntp+3

CVE-2015-3405

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 89