CVE-2015-3405

Public on 2015-09-02

Modified on 2016-02-09

Description

A flaw was found in the way the ntp-keygen utility generated MD5 symmetric keys on big-endian systems. An attacker could possibly use this flaw to guess generated MD5 keys, which could then be used to spoof an NTP client or server.

Severity

Low

See what this means

CVSS v3 Base Score

4.0

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	ntp	2015-09-02 12:00	ALAS-2015-593

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv2	4.0	AV:N/AC:H/Au:N/C:P/I:P/A:N
NVD	CVSSv2	5.0	AV:N/AC:L/Au:N/C:P/I:N/A:N
NVD	CVSSv3	7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

Red Hat: CVE-2015-3405 Mitre: CVE-2015-3405 FAQs regarding Amazon Linux ALAS/CVE Severity