Linux Distros Unpatched Vulnerability : CVE-2015-3405

🗓️ 04 Mar 2025 00:00:00Reported by TenableType

Linux/Unix host has vulnerability CVE-2015-3405 affecting ntp-keygen without vendor patch.

Reporter	Title	Published	Views	Family All 85
IBM Security Bulletins	IBM Security Network Protection / IBM QRadar Network Security / XGS Technote Index	31 Jan 202100:10	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in NTP affect IBM Security Network Protection (CVE-2015-1798, CVE-2015-1799, and CVE-2015-3405)	16 Jun 201821:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Access Manager for Mobile is affected by multiple NTP vulnerabilities	16 Jun 201821:39	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance	17 Jun 201822:33	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Network Time Protocol (NTP) affect PowerKVM	18 Jun 201801:30	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in ntp affect Power Hardware Management Console (CVE-2015-1798 CVE-2015-1799 CVE-2015-3405)	23 Sep 202101:31	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in GNU C Library (glibc), OpenSSL and NTP affect IBM Flex System Chassis Management Module (CMM)	31 Jan 201902:10	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Access Manager for Web is affected by multiple NTP vulnerabilities	16 Jun 201821:38	–	ibm
Amazon	Low: ntp	2 Sep 201500:00	–	amazon
Tenable Nessus	Amazon Linux AMI : ntp (ALAS-2015-593)	3 Sep 201500:00	–	nessus

Source	Link
access	www.access.redhat.com/security/cve/cve-2015-3405
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(218825);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/28");

  script_cve_id("CVE-2015-3405");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2015-3405");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with
    sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20
    and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a
    brute force attack with the 93 possible keys. (CVE-2015-3405)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-3405");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:U/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-3405");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/04/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/03/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ntp");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("set_linux_os_id.nasl", "ssh_get_info2.nasl");
  script_require_keys("Host/OS/identifier", "Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched");
  script_require_ports("Host/OS/Red Hat Enterprise Linux-5");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/RedHat/rpm-list"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Red Hat Enterprise Linux-5": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "5",
        "pkgs": [
          {"reference": "ntp"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

28 Jan 2026 00:00Current

7.2High risk

Vulners AI Score7.2

CVSS 25

CVSS 37.5

EPSS0.16556