CVE-2015-3405 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2015-3405 Interim 1 21 2023-02-15T01:50:57Z current 2021-05-30T13:29:55Z 2023-02-15T01:50:57Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2015-3405 ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2015-May/001378.html E-Mail link for SUSE-SU-2015:0865-1 https://lists.opensuse.org/opensuse-security-announce/2015-07/msg00000.html E-Mail link for SUSE-SU-2015:1173-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server 11 SP4 LTSS SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SUSE OpenStack Cloud 6 ntp ntp-4.2.4p8-1.29.36.1 ntp-4.2.6p5-44.1 ntp-4.2.8p10-63.3 ntp-4.2.8p12-64.8.2 ntp-4.2.8p13-85.1 ntp-4.2.8p4-1.3 ntp-4.2.8p8-14.1 ntp-doc-4.2.4p8-1.29.36.1 ntp-doc-4.2.6p5-44.1 ntp-doc-4.2.8p10-63.3 ntp-doc-4.2.8p12-64.8.2 ntp-doc-4.2.8p13-85.1 ntp-doc-4.2.8p4-1.3 ntp-doc-4.2.8p8-14.1 ntp-4.2.4p8-1.29.36.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 ntp-doc-4.2.4p8-1.29.36.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 ntp-4.2.6p5-44.1 as a component of SUSE Linux Enterprise Desktop 12 ntp-doc-4.2.6p5-44.1 as a component of SUSE Linux Enterprise Desktop 12 ntp-4.2.8p4-1.3 as a component of SUSE Linux Enterprise Desktop 12 SP1 ntp-doc-4.2.8p4-1.3 as a component of SUSE Linux Enterprise Desktop 12 SP1 ntp-4.2.8p8-14.1 as a component of SUSE Linux Enterprise Desktop 12 SP2 ntp-doc-4.2.8p8-14.1 as a component of SUSE Linux Enterprise Desktop 12 SP2 ntp-4.2.8p10-63.3 as a component of SUSE Linux Enterprise Desktop 12 SP3 ntp-doc-4.2.8p10-63.3 as a component of SUSE Linux Enterprise Desktop 12 SP3 ntp-4.2.8p12-64.8.2 as a component of SUSE Linux Enterprise Desktop 12 SP4 ntp-doc-4.2.8p12-64.8.2 as a component of SUSE Linux Enterprise Desktop 12 SP4 ntp-4.2.8p13-85.1 as a component of SUSE Linux Enterprise High Performance Computing 12 SP5 ntp-doc-4.2.8p13-85.1 as a component of SUSE Linux Enterprise High Performance Computing 12 SP5 ntp-4.2.4p8-1.29.36.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA ntp-doc-4.2.4p8-1.29.36.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA ntp-4.2.4p8-1.29.36.1 as a component of SUSE Linux Enterprise Server 11 SP3 ntp-doc-4.2.4p8-1.29.36.1 as a component of SUSE Linux Enterprise Server 11 SP3 ntp-4.2.4p8-1.29.36.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA ntp-doc-4.2.4p8-1.29.36.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA ntp-4.2.6p5-44.1 as a component of SUSE Linux Enterprise Server 12 ntp-doc-4.2.6p5-44.1 as a component of SUSE Linux Enterprise Server 12 ntp-4.2.8p4-1.3 as a component of SUSE Linux Enterprise Server 12 SP1 ntp-doc-4.2.8p4-1.3 as a component of SUSE Linux Enterprise Server 12 SP1 ntp-4.2.8p8-14.1 as a component of SUSE Linux Enterprise Server 12 SP2 ntp-doc-4.2.8p8-14.1 as a component of SUSE Linux Enterprise Server 12 SP2 ntp-4.2.8p10-63.3 as a component of SUSE Linux Enterprise Server 12 SP3 ntp-doc-4.2.8p10-63.3 as a component of SUSE Linux Enterprise Server 12 SP3 ntp-4.2.8p12-64.8.2 as a component of SUSE Linux Enterprise Server 12 SP4 ntp-doc-4.2.8p12-64.8.2 as a component of SUSE Linux Enterprise Server 12 SP4 ntp-4.2.8p13-85.1 as a component of SUSE Linux Enterprise Server 12 SP5 ntp-doc-4.2.8p13-85.1 as a component of SUSE Linux Enterprise Server 12 SP5 ntp-4.2.8p8-14.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 ntp-doc-4.2.8p8-14.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 ntp-4.2.4p8-1.29.36.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 ntp-doc-4.2.4p8-1.29.36.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 ntp-4.2.6p5-44.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 ntp-doc-4.2.6p5-44.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 ntp-4.2.8p4-1.3 as a component of SUSE OpenStack Cloud 6 ntp as a component of SUSE Linux Enterprise Server 11 SP4 LTSS ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. CVE-2015-3405 SUSE Linux Enterprise Desktop 11 SP3:ntp-4.2.4p8-1.29.36.1 SUSE Linux Enterprise Desktop 11 SP3:ntp-doc-4.2.4p8-1.29.36.1 SUSE Linux Enterprise Desktop 12:ntp-4.2.6p5-44.1 SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.6p5-44.1 SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p4-1.3 SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p4-1.3 SUSE Linux Enterprise Desktop 12 SP2:ntp-4.2.8p8-14.1 SUSE Linux Enterprise Desktop 12 SP2:ntp-doc-4.2.8p8-14.1 SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p10-63.3 SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p10-63.3 SUSE Linux Enterprise Desktop 12 SP4:ntp-4.2.8p12-64.8.2 SUSE Linux Enterprise Desktop 12 SP4:ntp-doc-4.2.8p12-64.8.2 SUSE Linux Enterprise High Performance Computing 12 SP5:ntp-4.2.8p13-85.1 SUSE Linux Enterprise High Performance Computing 12 SP5:ntp-doc-4.2.8p13-85.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:ntp-4.2.4p8-1.29.36.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:ntp-doc-4.2.4p8-1.29.36.1 SUSE Linux Enterprise Server 11 SP3:ntp-4.2.4p8-1.29.36.1 SUSE Linux Enterprise Server 11 SP3:ntp-doc-4.2.4p8-1.29.36.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.4p8-1.29.36.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.4p8-1.29.36.1 SUSE Linux Enterprise Server 12:ntp-4.2.6p5-44.1 SUSE Linux Enterprise Server 12:ntp-doc-4.2.6p5-44.1 SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p4-1.3 SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p4-1.3 SUSE Linux Enterprise Server 12 SP2:ntp-4.2.8p8-14.1 SUSE Linux Enterprise Server 12 SP2:ntp-doc-4.2.8p8-14.1 SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p10-63.3 SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p10-63.3 SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p12-64.8.2 SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p12-64.8.2 SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p13-85.1 SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p13-85.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ntp-4.2.8p8-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ntp-doc-4.2.8p8-14.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:ntp-4.2.4p8-1.29.36.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:ntp-doc-4.2.4p8-1.29.36.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.6p5-44.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.6p5-44.1 SUSE OpenStack Cloud 6:ntp-4.2.8p4-1.3 SUSE Linux Enterprise Server 11 SP4 LTSS:ntp important 5 AV:N/AC:L/Au:N/C:P/I:N/A:N 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N