CVE-2015-3405 - Insufficient Entropy

Severity

50%

Complexity

99%

Confidentiality

48%

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.

CVSS 3.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N).

Demo Examples

Insufficient Entropy

CWE-331

This code generates a unique random identifier for a user's session.


               
}
return rand();

Because the seed for the PRNG is always the user's ID, the session ID will always be the same. An attacker could thus predict any user's session ID and potentially hijack the session.

This example also exhibits a Small Seed Space (CWE-339).

Insufficient Entropy

CWE-331

The following code uses a statistical PRNG to create a URL for a receipt that remains active for some period of time after a purchase.


               
}
return(baseUrl + ranGen.nextInt(400000000) + ".html");

This code uses the Random.nextInt() function to generate "unique" identifiers for the receipt pages it generates. Because Random.nextInt() is a statistical PRNG, it is easy for an attacker to guess the strings it generates. Although the underlying design of the receipt system is also faulty, it would be more secure if it used a random number generator that did not produce predictable receipt identifiers, such as a cryptographic PRNG.

Overview

First reported 7 years ago

2017-08-09 16:29:00

Last updated 4 years ago

2020-05-28 14:08:00

Affected Software

NTP 4.2.8 Patch 1

4.2.8

NTP 4.2.8 Patch 2

4.2.8

NTP 4.2.8 Patch 2 Release Candidate 1

4.2.8

NTP 4.3.0

4.3.0

NTP 4.3.1

4.3.1

NTP 4.3.2

4.3.2

NTP 4.3.3

4.3.3

NTP 4.3.4

4.3.4

NTP 4.3.5

4.3.5

NTP 4.3.6

4.3.6

NTP 4.3.7

4.3.7

NTP 4.3.8

4.3.8

NTP 4.3.9

4.3.9

NTP 4.3.10

4.3.10

NTP 4.3.11

4.3.11

Debian Linux 7.0

7.0

Debian Linux 8.0 (Jessie)

8.0

OpenSUSE SUSE Linux Enterprise Desktop 11.0 Service Pack 3

11.0

OpenSUSE Project SUSE Linux Enterprise Desktop 11.0 Service Pack 3

11.0

SUSE Linux Enterprise Server 11.0 Service Pack 3 for VMware

11.0
vmware

Fedora 21

21

Red Hat Enterprise Linux Desktop 6.0

6.0

Red Hat Enterprise Linux Server 6.0

6.0

Red Hat Enterprise Linux Workstation 6.0

6.0

NTP 4.2.8 Patch 2-Release Candidate 1

4.2.8

References

http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=55199296N2gFqH1Hm5GOnhrk9Ypygg

Third Party Advisory, Vendor Advisory

FEDORA-2015-5830

Third Party Advisory

SUSE-SU-2015:1173

Third Party Advisory

RHSA-2015:1459

Third Party Advisory, VDB Entry

RHSA-2015:2231

Third Party Advisory, VDB Entry

DSA-3223

Third Party Advisory

DSA-3388

Third Party Advisory

[oss-security] 20150423 Re: CVE request: ntp-keygen may generate non-random symmetric keys on big-endian systems

Mailing List, Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

74045

Third Party Advisory, VDB Entry

https://bugs.ntp.org/show_bug.cgi?id=2797

Issue Tracking, Third Party Advisory, Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1210324

Issue Tracking, Patch, Third Party Advisory, VDB Entry

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.