7.5
CVE-2015-3405
- EPSS 6.21%
- Published 09.08.2017 16:29:00
- Last modified 20.04.2025 01:37:25
- Source secalert@redhat.com
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.
Data is provided by the National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version 7.0
Debian ≫ Debian Linux Version 8.0
Opensuse ≫ Suse Linux Enterprise Server Version 11.0 Update sp3
Opensuse Project ≫ Suse Linux Enterprise Desktop Version 11.0 Update sp3
Suse ≫ Suse Linux Enterprise Server Version 11.0 Update sp3 SwPlatform vmware
Fedoraproject ≫ Fedora Version 21
Redhat ≫ Enterprise Linux Desktop Version 6.0
Redhat ≫ Enterprise Linux For Ibm Z Systems Version 6.0
Redhat ≫ Enterprise Linux For Power Big Endian Version 6.0
Redhat ≫ Enterprise Linux For Scientific Computing Version 6.0
Redhat ≫ Enterprise Linux Server Version 6.0
Redhat ≫ Enterprise Linux Server From Rhui 6 Version 6.0
Redhat ≫ Enterprise Linux Workstation Version 6.0
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 6.21% | 0.899 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:P/I:N/A:N |
CWE-331 Insufficient Entropy
The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.