PT-2017-6668 · Nts+3 · Ntp+3

Martin Prpič · Published 2015-04-12 · Updated 2023-02-13 · CVE-2015-3405

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ntp versions 4.2.8px through 4.2.8p2-RC2
ntp versions 4.3.x through 4.3.12

Description

The issue is related to the generation of MD5 keys with insufficient entropy on big endian machines under specific conditions. This might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack. The estimated number of possible keys is 93.

Recommendations

For ntp versions 4.2.8px through 4.2.8p2-RC2, update to version 4.2.8p2-RC2 or later. For ntp versions 4.3.x through 4.3.12, update to version 4.3.12 or later.

Fix

Weakness Enumeration

Related Identifiers

CESA-2015_1459
CESA-2015_2231
CVE-2015-3405
DLA-192-1
DSA-3223-1
DSA-3388-1
RHSA-2015:1459
RHSA-2015:2231
RHSA-2015_1459
RHSA-2015_2231
SUSE-SU-2015:0259-1
SUSE-SU-2015:0259-3
SUSE-SU-2015:0865-1
SUSE-SU-2015:1173-1
USN-2567-1

Affected Products

Centos
Red Hat
Suse
Ntp