[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

Endless loop vulnerability in ntp-keygen in ntp for MD5 keys on big-endian machines

Deprecated
ID: oval:org.secpod.oval:def:24535Date: (C)2015-06-04   (M)2017-10-12
Class: VULNERABILITYFamily: unix




The host is installed with ntp version 4.2.6 and earlier on Redhat Enterprise Linux 6 or on Redhat Enterprise Linux 7 and is prone to an endless loop vulnerability. A flaw is present in the application, which fails to handle MD5 symmetric keys on big-endian systems. Successful exploitation could allow attackers to guess generated MD5 keys that could then be used to spoof an NTP client or server.

Platform:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Product:
ntp
Reference:
CVE-2015-3405
CVE    1
CVE-2015-3405
CPE    25
cpe:/a:ntp:ntp
cpe:/o:suse:suse_linux_enterprise_server:11.0:sp3:~~~vmware~~
cpe:/o:fedoraproject:fedora:21
cpe:/a:ntp:ntp:4.3.11
...

© 2013 SecPod Technologies