CVE-2015-3405 (retired)

Priority
Description
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does
not generate MD5 keys with sufficient entropy on big endian machines when
the lowest order byte of the temp variable is between 0x20 and 0x7f and not
#, which might allow remote attackers to obtain the value of generated MD5
keys via a brute force attack with the 93 possible keys.
Notes
 mdeslaur> fixed in USN-2567-1 before the CVE was assigned
 mdeslaur> we will not be fixing this in lucid before it goes EoL
Package
Source: ntp (LP Ubuntu Debian)
Upstream:released (4.2.8p2)
More Information

Updated: 2019-09-19 15:53:38 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)