[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Re: CVE request: ntp-keygen may generate non-random symmetric keys on big-endian syst
From: cve-assign () mitre ! org
Date: 2015-04-23 7:03:00
Message-ID: 20150423070300.497C93320B1 () smtpvbsrv1 ! mitre ! org
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> * [Bug 2797] ntp-keygen trapped in endless loop for MD5 keys on big-endian machines.
> https://bugs.ntp.org/show_bug.cgi?id=2797
>
> Patch: http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=55199296N2gFqH1Hm5GOnhrk9Ypygg
> While the endless loop is not a security flaw per se
The unstated rationale here seems to be "ntp-keygen is a command-line
program that is not normally exposed in a way that crosses privilege
boundaries."
The documentation mentions:
After setting up the environment it is advisable to update certificates
from time to time, if only to extend the validity interval.
Simply run
@code{ntp-keygen}
with the same flags as before to generate new certificates
It seems plausible that some sites may have created a web interface so
that operations staff can occasionally do a certificate update (maybe
with a new key), but these staff don't have login access to the
machine running NTP. The flaw would give them the new ability to
(sometimes) launch a CPU consumption attack. However, we have not
actually heard of anyone with a web-based ntp-keygen arrangement, so
we currently don't want to assign a CVE ID for that.
> the fact that
> ntp-keygen generates non-random keys is. If the lowest byte of the temp
> variable happens to be between 0x20 and 0x7f and not #, the generated
> MD5 key will consist of 20 identical characters, meaning only 93
> possible keys can be generated.
Use CVE-2015-3405 for this code error that results in a key space
that's much smaller than expected.
- --
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)
iQEcBAEBAgAGBQJVOJgkAAoJEKllVAevmvmsSUMH/3wjdFZGeR9ubvEm6Yb0tq9q
lbbGuZSawcdPL/F45VYB+u75VTIjlJx6I693Rn+UwIvHYadOCARkk0/JBmf7GUyL
ANPAxy8RW0QnvB9eByTgiX2SREtGVkIusRSgOB37mZf5+rsjNZTbcEojBO0rIOO3
6PeslrWHMehqnp3rN8phCZWArinLCBaI/f+ohLLA0uYjpNM7MNvA1ULn9F0tuuic
ZOPMTCLynPDm9gGXS0yv7HWuE5Jni05ngq6+NcAI7xeCqpJQQ2uBB1JmJrg12e/R
yS/JSn+s7BFGb59/WPtg1fvIFiv2EAKU4DhhwP0vawzNCZcnZqESLF1umaQKsDs=
=yDz2
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic