Vulnerability CVE-2015-3405


Published: 2017-08-09

Description:
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.

Type:

CWE-331

(Insufficient Entropy)

Vendor: Debian
Product: Debian linux 
Version: 8.0; 7.0;
Vendor: Redhat
Product: Enterprise linux desktop 
Version: 6.0;
Product: Enterprise linux workstation 
Version: 6.0;
Product: Enterprise linux for ibm z systems 
Version: 6.0;
Product: Enterprise linux for scientific computing 
Version: 6.0;
Product: Enterprise linux server 
Version: 6.0;
Product: Enterprise linux for power big endian 
Version: 6.0;
Product: Enterprise linux server from rhui 6 
Version: 6.0;
Vendor: NTP
Product: NTP 
Version:
4.3.9
4.3.8
4.3.7
4.3.6
4.3.5
4.3.4
4.3.3
4.3.2
4.3.11
4.3.10
4.3.1
4.3.0
4.2.8
Vendor: Fedoraproject
Product: Fedora 
Version: 21;
Vendor: Opensuse project
Product: Suse linux enterprise desktop 
Version: 11.0;
Vendor: SUSE
Product: Suse linux enterprise server 
Version: 11.0;
Vendor: Opensuse
Product: Suse linux enterprise server 
Version: 11.0;

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=55199296N2gFqH1Hm5GOnhrk9Ypygg
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156248.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00000.html
http://rhn.redhat.com/errata/RHSA-2015-1459.html
http://rhn.redhat.com/errata/RHSA-2015-2231.html
http://www.debian.org/security/2015/dsa-3223
http://www.debian.org/security/2015/dsa-3388
http://www.openwall.com/lists/oss-security/2015/04/23/14
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/74045
https://bugs.ntp.org/show_bug.cgi?id=2797
https://bugzilla.redhat.com/show_bug.cgi?id=1210324
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us

Related CVE
CVE-2019-14235
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid...
CVE-2019-14233
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large ...
CVE-2019-14232
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs...
CVE-2019-11730
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents...
CVE-2019-5839
Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL.
CVE-2019-5838
Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.
CVE-2019-5837
Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2019-5836
Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Copyright 2019, cxsecurity.com

 

Back to Top