Denial of Service : NTPd < 4.2.8p2, 4.3.x < 4.3.12 Keygen Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.146236

Categoría: Denial of Service

Título: NTPd < 4.2.8p2, 4.3.x < 4.3.12 Keygen Vulnerability

Resumen: NTPd is prone to a vulnerability in ntp-keygen.

Descripción: Summary:
NTPd is prone to a vulnerability in ntp-keygen.

Vulnerability Insight:
ntp-keygen does not generate MD5 keys with sufficient entropy
on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f
and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a
brute force attack with the 93 possible keys.

Affected Software/OS:
NTPd version prior to 4.2.8p2 and 4.3.x prior to 4.3.12.

Solution:
Update to version 4.2.8p2 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-3405
74045
http://www.securityfocus.com/bid/74045
DSA-3223
http://www.debian.org/security/2015/dsa-3223
DSA-3388
http://www.debian.org/security/2015/dsa-3388
FEDORA-2015-5830
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156248.html
RHSA-2015:1459
http://rhn.redhat.com/errata/RHSA-2015-1459.html
RHSA-2015:2231
http://rhn.redhat.com/errata/RHSA-2015-2231.html
SUSE-SU-2015:1173
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00000.html
[oss-security] 20150423 Re: CVE request: ntp-keygen may generate non-random symmetric keys on big-endian systems
http://www.openwall.com/lists/oss-security/2015/04/23/14
http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=55199296N2gFqH1Hm5GOnhrk9Ypygg
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://bugs.ntp.org/show_bug.cgi?id=2797
https://bugzilla.redhat.com/show_bug.cgi?id=1210324
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us

Copyright Copyright (C) 2021 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.146236
Categoría:	Denial of Service
Título:	NTPd < 4.2.8p2, 4.3.x < 4.3.12 Keygen Vulnerability
Resumen:	NTPd is prone to a vulnerability in ntp-keygen.
Descripción:	Summary: NTPd is prone to a vulnerability in ntp-keygen. Vulnerability Insight: ntp-keygen does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. Affected Software/OS: NTPd version prior to 4.2.8p2 and 4.3.x prior to 4.3.12. Solution: Update to version 4.2.8p2 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3405 74045 http://www.securityfocus.com/bid/74045 DSA-3223 http://www.debian.org/security/2015/dsa-3223 DSA-3388 http://www.debian.org/security/2015/dsa-3388 FEDORA-2015-5830 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156248.html RHSA-2015:1459 http://rhn.redhat.com/errata/RHSA-2015-1459.html RHSA-2015:2231 http://rhn.redhat.com/errata/RHSA-2015-2231.html SUSE-SU-2015:1173 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00000.html [oss-security] 20150423 Re: CVE request: ntp-keygen may generate non-random symmetric keys on big-endian systems http://www.openwall.com/lists/oss-security/2015/04/23/14 http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=55199296N2gFqH1Hm5GOnhrk9Ypygg http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html https://bugs.ntp.org/show_bug.cgi?id=2797 https://bugzilla.redhat.com/show_bug.cgi?id=1210324 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us
Copyright	Copyright (C) 2021 Greenbone AG