What is CVE-2015-3405?

CVE-2015-3405 is a high-severity vulnerability in Ntp, classified under Insufficient Entropy. CVSS score: 7.5/10. Published 2017-08-09.

How severe is CVE-2015-3405?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2015-3405 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Ntp

CVE-2015-3405

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might…

EPSS: 0.166 (95.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Ntp — versions 4.2.8, 4.3.0, 4.3.1
Opensuse_project Suse_linux_enterprise_desktop — versions 11.0
Debian Debian_linux — versions 7.0, 8.0
Fedoraproject Fedora — versions 21
Opensuse Suse_linux_enterprise_server — versions 11.0
Redhat Enterprise_linux_desktop — versions 6.0
Redhat Enterprise_linux_for_ibm_z_systems — versions 6.0
Redhat Enterprise_linux_for_power_big_endian — versions 6.0
Redhat Enterprise_linux_for_scientific_computing — versions 6.0
Redhat Enterprise_linux_server — versions 6.0

Weakness classification (CWE)

CWE-331 — Insufficient Entropy

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

secalert@redhat.com (vendor-advisory, x_refsource_FEDORA, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, VDB Entry, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch, VDB Entry, Third Party Advisory, Issue Tracking)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
secalert@redhat.com (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
secalert@redhat.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory, Issue Tracking, Vendor Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, VDB Entry, Third Party Advisory)

Frequently asked questions

What is CVE-2015-3405?: CVE-2015-3405 is a high-severity vulnerability in Ntp, classified under Insufficient Entropy. CVSS score: 7.5/10. Published 2017-08-09.
How severe is CVE-2015-3405?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2015-3405 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.