Lucene search

[email protected]NVD:CVE-2015-3405

HistoryAug 09, 2017 - 4:29 p.m.

CVE-2015-3405

2017-08-0916:29:00

CWE-331

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.003

Percentile

69.4%

JSON

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.

Affected configurations

NVD

Node

ntpntpMatch4.2.8p1

ntpntpMatch4.2.8p2

ntpntpMatch4.2.8p2-rc1

ntpntpMatch4.3.0

ntpntpMatch4.3.1

ntpntpMatch4.3.2

ntpntpMatch4.3.3

ntpntpMatch4.3.4

ntpntpMatch4.3.5

ntpntpMatch4.3.6

ntpntpMatch4.3.7

ntpntpMatch4.3.8

ntpntpMatch4.3.9

ntpntpMatch4.3.10

ntpntpMatch4.3.11

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

Node

opensusesuse_linux_enterprise_serverMatch11.0sp3

opensuse_projectsuse_linux_enterprise_desktopMatch11.0sp3

susesuse_linux_enterprise_serverMatch11.0sp3vmware

Node

fedoraprojectfedoraMatch21

Node

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_for_ibm_z_systemsMatch6.0

redhatenterprise_linux_for_power_big_endianMatch6.0

redhatenterprise_linux_for_scientific_computingMatch6.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_server_from_rhui_6Match6.0

redhatenterprise_linux_workstationMatch6.0

References

bk1.ntp.org/ntp-stable/?PAGE=patch&REV=55199296N2gFqH1Hm5GOnhrk9Ypygg

lists.fedoraproject.org/pipermail/package-announce/2015-April/156248.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00000.html

rhn.redhat.com/errata/RHSA-2015-1459.html

rhn.redhat.com/errata/RHSA-2015-2231.html

www.debian.org/security/2015/dsa-3223

www.debian.org/security/2015/dsa-3388

www.openwall.com/lists/oss-security/2015/04/23/14

www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

www.securityfocus.com/bid/74045

bugs.ntp.org/show_bug.cgi?id=2797

bugzilla.redhat.com/show_bug.cgi?id=1210324

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.003

Percentile

69.4%

JSON

Related for NVD:CVE-2015-3405

ubuntucve1 prion1 cvelist1 cve1 debiancve1 openvas13 f52 nessus17 suse1 ibm8 osv2 veracode5 oraclelinux2 amazon1 centos2 redhat2 fedora1 debian1