CVE-2012-4502
https://notcve.org/view.php?id=CVE-2012-4502
Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command request to the PKL_CommandLength function or crafted (3) RPY_SUBNETS_ACCESSED, (4) RPY_CLIENT_ACCESSES, (5) RPY_CLIENT_ACCESSES_BY_INDEX, or (6) RPY_MANUAL_LIST command reply to the PKL_ReplyLength function, which triggers an out-of-bounds read or buffer overflow. NOTE: versions 1.27 and 1.28 do not require authentication to exploit. Múltiples desbordamientos de enteros en pktlength.c en Chrony anterior a 1.29 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un (1) REQ_SUBNETS_ACCESSED manipulado o (2) comando REQ_CLIENT_ACCESSES a la función PKL_CommandLength o la manipulación de (3) RPY_SUBNETS_ACCESSED, (4) RPY_CLIENT_ACCESSES), (5) RPY_CLIENT_ACCESSES_BY_INDEX, o (6) Respuesta del comando RPY_MANUAL_LIST por la función PKL_ReplyLength, lo que provoca un desbordamiento de buffer o lectura fuera de límite. NOTA: Las versiones 1.27 y 1.28 no requieren autenticación para su explotación. • http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git%3Ba=commitdiff%3Bh=7712455d9aa33d0db0945effaa07e900b85987b1 http://permalink.gmane.org/gmane.comp.time.chrony.announce/15 http://seclists.org/oss-sec/2013/q3/332 http://www.debian.org/security/2013/dsa-2760 https://bugzilla.redhat.com/show_bug.cgi?id=846392 • CWE-189: Numeric Errors •
CVE-2012-4503
https://notcve.org/view.php?id=CVE-2012-4503
cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to the handle_subnets_accessed function or (2) a RPY_CLIENT_ACCESSES command to the handle_client_accesses function when client logging is disabled, which causes uninitialized data to be included in a reply. cmdmon.c en Chrony antes de 1.29 permite a atacantes remotos obtener información sensible de la pila de memoria a través de vectores relacionados con (1) una subred no válida en un comando RPY_SUBNETS_ACCESSED a la función handle_subnets_accessed o (2) un comando RPY_CLIENT_ACCESSES para la función handle_client_accesses cuando el inicio de sesión de cliente está desactivado, lo causa que datos no inicializados se incluyan en la respuesta. • http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git%3Ba=commitdiff%3Bh=c6fdeeb6bb0b17dc28c19ae492c4a1c498e54ea3 http://permalink.gmane.org/gmane.comp.time.chrony.announce/15 http://seclists.org/oss-sec/2013/q3/332 http://www.debian.org/security/2013/dsa-2760 https://bugzilla.redhat.com/show_bug.cgi?id=846392 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2010-0292
https://notcve.org/view.php?id=CVE-2010-0292
The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony before 1.23.1, and 1.24-pre1, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a spoofed cmdmon packet that triggers a continuous exchange of NOHOSTACCESS messages between two daemons, a related issue to CVE-2009-3563. La función read_from_cmd_socket function en cmdmon.c en chronyd en Chrony anterior a v1.23.1, y v1.24-pre1, permite a atacantes remotos provocar una denegación de servicio (Consumo de CPU y ancho de banda) mediante el envío de un paquete cmdmon modificado que provoca un intercambio continuo de mensajes NOHOSTACCESS entre dos demonios. Relacionado con CVE-2009-3563. • http://chrony.tuxfamily.org/News.html http://git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git%3Ba=commit%3Bh=7864c7a70ce00369194e734eb2842ecc5f8db531 http://secunia.com/advisories/38428 http://secunia.com/advisories/38480 http://www.debian.org/security/2010/dsa-1992 http://www.securityfocus.com/bid/38106 https://bugzilla.redhat.com/show_bug.cgi?id=555367 • CWE-399: Resource Management Errors •
CVE-2010-0293
https://notcve.org/view.php?id=CVE-2010-0293
The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets. La funcionalidad "client logging" en chronyd en Chrony anterior a v1.23.1, no restringe la cantidad de memoria empleada para almacenar la información de un cliente, lo que permite a atacantes remotos, provocar una denegación de servicio (consumo de memoria) mediante la suplantación de paquetes (1) NTP o (2) cmdmon. • http://chrony.tuxfamily.org/News.html http://git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git%3Ba=commit%3Bh=2f63cf448560fdb96b80d8488aae6a15b802a753 http://secunia.com/advisories/38428 http://secunia.com/advisories/38480 http://www.debian.org/security/2010/dsa-1992 http://www.securityfocus.com/bid/38106 https://bugzilla.redhat.com/show_bug.cgi?id=555367 • CWE-399: Resource Management Errors •
CVE-2010-0294
https://notcve.org/view.php?id=CVE-2010-0294
chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service (disk consumption) via a large number of invalid packets. chronyd en Chrony anterior a v1.23.1, y posiblemente v 1.24-pre1, genera un mensage syslog para cada paquete cmdmon no autorizado, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de disco) a través de un número elevado de paquetes no válidos. • http://chrony.tuxfamily.org/News.html http://git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git%3Ba=commit%3Bh=0b710499f994823bd938fc6895f097eefb9cc59f http://secunia.com/advisories/38428 http://secunia.com/advisories/38480 http://www.debian.org/security/2010/dsa-1992 http://www.securityfocus.com/bid/38106 https://bugzilla.redhat.com/show_bug.cgi?id=555367 • CWE-399: Resource Management Errors •