CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1853 – chrony: authentication doesn't protect symmetric associations against DoS attacks
https://notcve.org/view.php?id=CVE-2015-1853
chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets. chrony versiones anteriores a 1.31.1, no protege apropiadamente las variables de estado en asociaciones NTP simétricas autenticadas, lo que permite a atacantes remotos con conocimiento del emparejamiento NTP causar una denegación de servicio (incapacidad de sincronización) mediante marcas de tiempo aleatorias en paquetes de datos NTP diseñados. A denial of service flaw was found in the way chrony hosts that were peering with each other authenticated themselves before updating their internal state variables. An attacker could send packets to one peer host, which could cascade to other peers, and stop the synchronization process among the reached peers. • http://chrony.tuxfamily.org/News.html https://security.gentoo.org/glsa/201507-01 https://access.redhat.com/security/cve/CVE-2015-1853 https://bugzilla.redhat.com/show_bug.cgi?id=1209572 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 5.0EPSS: 0%CPEs: 24EXPL: 0CVE-2012-4503
https://notcve.org/view.php?id=CVE-2012-4503
cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to the handle_subnets_accessed function or (2) a RPY_CLIENT_ACCESSES command to the handle_client_accesses function when client logging is disabled, which causes uninitialized data to be included in a reply. cmdmon.c en Chrony antes de 1.29 permite a atacantes remotos obtener información sensible de la pila de memoria a través de vectores relacionados con (1) una subred no válida en un comando RPY_SUBNETS_ACCESSED a la función handle_subnets_accessed o (2) un comando RPY_CLIENT_ACCESSES para la función handle_client_accesses cuando el inicio de sesión de cliente está desactivado, lo causa que datos no inicializados se incluyan en la respuesta. • http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git%3Ba=commitdiff%3Bh=c6fdeeb6bb0b17dc28c19ae492c4a1c498e54ea3 http://permalink.gmane.org/gmane.comp.time.chrony.announce/15 http://seclists.org/oss-sec/2013/q3/332 http://www.debian.org/security/2013/dsa-2760 https://bugzilla.redhat.com/show_bug.cgi?id=846392 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 1%CPEs: 24EXPL: 0CVE-2012-4502
https://notcve.org/view.php?id=CVE-2012-4502
Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command request to the PKL_CommandLength function or crafted (3) RPY_SUBNETS_ACCESSED, (4) RPY_CLIENT_ACCESSES, (5) RPY_CLIENT_ACCESSES_BY_INDEX, or (6) RPY_MANUAL_LIST command reply to the PKL_ReplyLength function, which triggers an out-of-bounds read or buffer overflow. NOTE: versions 1.27 and 1.28 do not require authentication to exploit. Múltiples desbordamientos de enteros en pktlength.c en Chrony anterior a 1.29 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un (1) REQ_SUBNETS_ACCESSED manipulado o (2) comando REQ_CLIENT_ACCESSES a la función PKL_CommandLength o la manipulación de (3) RPY_SUBNETS_ACCESSED, (4) RPY_CLIENT_ACCESSES), (5) RPY_CLIENT_ACCESSES_BY_INDEX, o (6) Respuesta del comando RPY_MANUAL_LIST por la función PKL_ReplyLength, lo que provoca un desbordamiento de buffer o lectura fuera de límite. NOTA: Las versiones 1.27 y 1.28 no requieren autenticación para su explotación. • http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git%3Ba=commitdiff%3Bh=7712455d9aa33d0db0945effaa07e900b85987b1 http://permalink.gmane.org/gmane.comp.time.chrony.announce/15 http://seclists.org/oss-sec/2013/q3/332 http://www.debian.org/security/2013/dsa-2760 https://bugzilla.redhat.com/show_bug.cgi?id=846392 • CWE-189: Numeric Errors •