
CVSS: 6.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it is opened for writing, chronyd does not check for an existing symbolic link with the same file name. This allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system; on the next start chronyd follows the link as root and truncates that file, resulting in data loss and a denial of service.
• https://bugzilla.redhat.com/show_bug.cgi?id=1870298
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WKABKNLCSC3MACCWU6OM2YGWVWFWFMU
• https://security.gentoo.org/glsa/202008-23
• https://usn.ubuntu.com/4475-1
• CWE-59: Improper Link Resolution Before File Access ('Link Following')
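The pattern behind this entry, as an added example that is not chrony's own code: a PID-file writer that opens the path as root without checking for a symlink, beside a hardened writer that uses lstat() and O_CREAT|O_EXCL|O_NOFOLLOW so a planted link is refused rather than followed. The scratch directory under /tmp, the file names and the PID value are assumptions made for the demonstration; in the advisory the real target is the chronyd PID file under /var/run/chrony.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern (CWE-59): the daemon is still root, and fopen(path, "w")
 * follows whatever symlink sits at `path`, truncating the link's target. */
int write_pidfile_unsafe(const char *path, pid_t pid)
{
    FILE *f = fopen(path, "w");
    if (!f)
        return -1;
    fprintf(f, "%d\n", (int)pid);
    fclose(f);
    return 0;
}

/* Hardened form. lstat() does not follow links, so a planted symlink is seen
 * as a symlink and refused; only a plain regular file (a stale PID file from an
 * unclean shutdown) is removed, and unlink() never follows links either.
 * O_EXCL|O_NOFOLLOW then makes the create atomic: if the attacker re-plants a
 * link between the unlink() and the open(), open() fails instead of following. */
int write_pidfile_safe(const char *path, pid_t pid)
{
    struct stat st;
    if (lstat(path, &st) == 0) {
        if (!S_ISREG(st.st_mode)) {
            errno = ELOOP;      /* report the refusal as a link-following error */
            return -1;
        }
        unlink(path);
    }
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
    if (fd < 0)
        return -1;
    char buf[32];
    int n = snprintf(buf, sizeof buf, "%d\n", (int)pid);
    if (write(fd, buf, n) != n) {
        close(fd);
        return -1;
    }
    close(fd);
    return 0;
}

/* Reads the first line of `path` into buf; buf is empty on failure. */
static void read_first_line(const char *path, char *buf, size_t len)
{
    buf[0] = '\0';
    FILE *f = fopen(path, "r");
    if (f) {
        if (!fgets(buf, (int)len, f))
            buf[0] = '\0';
        fclose(f);
    }
}

/* Reproduces the attack in a scratch directory (constructed setup): "target"
 * stands in for the file the attacker wants clobbered and "chronyd.pid" is
 * the symlink they planted with the daemon's default PID file name.
 * Returns 1 when the unsafe writer overwrote the target and the safe writer
 * refused to touch it, -1 on setup failure, 0 otherwise. */
int demo_symlink_attack(void)
{
    char dir[] = "/tmp/pidfile-demo-XXXXXX";
    if (!mkdtemp(dir))
        return -1;
    char target[300], link[300], line[64];
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(link, sizeof link, "%s/chronyd.pid", dir);

    FILE *t = fopen(target, "w");
    if (!t)
        return -1;
    fputs("important data\n", t);
    fclose(t);
    if (symlink(target, link) != 0)
        return -1;

    int unsafe_rc = write_pidfile_unsafe(link, 1234);
    read_first_line(target, line, sizeof line);
    int clobbered = (unsafe_rc == 0 && strcmp(line, "1234\n") == 0);

    /* Restore the target, then run the hardened writer against the same link. */
    t = fopen(target, "w");
    fputs("important data\n", t);
    fclose(t);
    int safe_rc = write_pidfile_safe(link, 1234);
    read_first_line(target, line, sizeof line);
    int refused = (safe_rc == -1 && strcmp(line, "important data\n") == 0);

    unlink(link);
    unlink(target);
    rmdir(dir);
    return (clobbered && refused) ? 1 : 0;
}

int main(void)
{
    printf("unsafe writer clobbered target, safe writer refused: %s\n",
           demo_symlink_attack() == 1 ? "yes" : "no");
    return 0;
}
```

The same check applies to any file a daemon creates before dropping privileges: the directory being writable by a less privileged user (here the chrony user, which owns /var/run/chrony) is what turns a simple open-for-write into a root-level truncation primitive.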

CVSS: 8.1 • EPSS: 1% • CPEs: 5 • EXPL: 1

chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets: a packet is accepted if its MAC verifies under any key in the key file, not only under the key configured for that particular source. This might allow remote attackers who hold any one trusted key to conduct impersonation attacks against other peers, aka a "skeleton key."
• http://chrony.tuxfamily.org/news.html#_20_jan_2016_chrony_2_2_1_and_chrony_1_31_2_released
• http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176559.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175969.html
• http://www.talosintel.com/reports/TALOS-2016-0071
• CWE-254: 7PK - Security Features
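An added illustration of the skeleton-key check, not chrony's code: the server holds several trusted symmetric keys, and each configured source is bound to one key ID. The vulnerable check accepts any trusted key whose MAC verifies; the fixed check additionally requires the packet's key ID to be the one associated with the claimed source. The keyed tag is a toy FNV-based stand-in for the real NTP MD5/SHA MAC, and the key IDs, addresses and secrets are constructed sample data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NKEYS 2
#define NSOURCES 1
#define PAYLOAD_LEN 48

struct key { uint32_t id; const char *secret; };
/* A configured NTP source and the key ID it must authenticate with. */
struct source { const char *addr; uint32_t key_id; };

/* Constructed sample data: both keys sit in the server's key file. Key 1 is the
 * peer association for 10.0.0.2; key 2 was issued to an ordinary client. */
static const struct key keys[NKEYS] = {
    { 1, "peer-secret-for-10.0.0.2" },
    { 2, "client-secret-issued-to-10.0.9.9" },
};
static const struct source sources[NSOURCES] = {
    { "10.0.0.2", 1 },
};

struct packet {
    char src[16];             /* claimed source address */
    uint8_t body[PAYLOAD_LEN];
    uint32_t key_id;          /* key the sender used for the MAC */
    uint64_t mac;
};

/* Toy keyed tag: FNV-1a over secret || body. It stands in for the NTP MAC
 * (MD5/SHA keyed by the shared secret); it is not secure and exists only so
 * the association logic below can be exercised. */
static uint64_t toy_mac(const char *secret, const uint8_t *body, size_t len)
{
    uint64_t h = 1469598103934665603ULL;
    for (const char *c = secret; *c; c++) { h ^= (uint8_t)*c; h *= 1099511628211ULL; }
    for (size_t i = 0; i < len; i++)   { h ^= body[i];     h *= 1099511628211ULL; }
    return h;
}

static const struct key *find_key(uint32_t id)
{
    for (int i = 0; i < NKEYS; i++)
        if (keys[i].id == id) return &keys[i];
    return NULL;
}

static const struct source *find_source(const char *addr)
{
    for (int i = 0; i < NSOURCES; i++)
        if (strcmp(sources[i].addr, addr) == 0) return &sources[i];
    return NULL;
}

/* Sender side: fill a packet, claim a source address and tag it with key_id. */
void build_packet(struct packet *p, const char *claimed_src, uint32_t key_id, uint8_t fill)
{
    const struct key *k = find_key(key_id);
    memset(p, 0, sizeof *p);
    strncpy(p->src, claimed_src, sizeof p->src - 1);
    memset(p->body, fill, PAYLOAD_LEN);
    p->key_id = key_id;
    p->mac = k ? toy_mac(k->secret, p->body, PAYLOAD_LEN) : 0;
}

/* Vulnerable: any key from the key file is good enough, whatever source the
 * packet claims to come from. */
int auth_vulnerable(const struct packet *p)
{
    const struct key *k = find_key(p->key_id);
    if (!k) return 0;
    return toy_mac(k->secret, p->body, PAYLOAD_LEN) == p->mac;
}

/* Fixed: the key must be the one bound to that source in the configuration. */
int auth_fixed(const struct packet *p)
{
    const struct source *s = find_source(p->src);
    if (!s || s->key_id != p->key_id) return 0;
    const struct key *k = find_key(p->key_id);
    if (!k) return 0;
    return toy_mac(k->secret, p->body, PAYLOAD_LEN) == p->mac;
}

/* Returns 1 when both checks accept the genuine peer packet but only the
 * vulnerable check accepts the forgery signed with the client's key. */
int skeleton_key_demo(void)
{
    struct packet legit, forged;
    build_packet(&legit, "10.0.0.2", 1, 0x11);   /* real peer, its own key 1 */
    build_packet(&forged, "10.0.0.2", 2, 0x22);  /* key-2 holder claims to be the peer */
    return auth_vulnerable(&legit) && auth_fixed(&legit) &&
           auth_vulnerable(&forged) && !auth_fixed(&forged);
}

int main(void)
{
    printf("skeleton key accepted only by the vulnerable check: %s\n",
           skeleton_key_demo() ? "yes" : "no");
    return 0;
}
```

The practical consequence for operators of the affected versions is that every key in the key file is effectively equivalent, so a key handed to a low-trust client is as good as the peer key; rotating to a fixed version restores the per-source binding.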

CVSS: 6.5 • EPSS: 2% • CPEs: 2 • EXPL: 0

Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2) cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the subnet remainder.
An out-of-bounds write flaw was found in the way chrony stored certain addresses when configuring NTP or cmdmon access. An attacker that has the command key and is allowed to access cmdmon (only localhost is allowed by default) could use this flaw to crash chronyd or, possibly, execute arbitrary code with the privileges of the chronyd process.
• http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2015/04/msg00002.html
• http://www.debian.org/security/2015/dsa-3222
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
• http://www.securityfocus.com/bid/73955
• https://security.gentoo.org/glsa/201507-01
• https://access.redhat.com/security/cve/CVE-2015-1821
• https://bugzilla.redhat.com/show_bug.cgi?id=1209631
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-787: Out-of-bounds Write

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

chrony before 1.31.1 does not initialize the last "next" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a large number of command requests.
An uninitialized pointer use flaw was found when allocating memory to save unacknowledged replies to authenticated command requests. An attacker that has the command key and is allowed to access cmdmon (only localhost is allowed by default) could use this flaw to crash chronyd or, possibly, execute arbitrary code with the privileges of the chronyd process.
• http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2015/04/msg00002.html
• http://www.debian.org/security/2015/dsa-3222
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
• http://www.securityfocus.com/bid/73956
• https://security.gentoo.org/glsa/201507-01
• https://access.redhat.com/security/cve/CVE-2015-1822
• https://bugzilla.redhat.com/show_bug.cgi?id=1209632
• CWE-17: DEPRECATED: Code
• CWE-456: Missing Initialization of a Variable

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of the NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets.
A denial of service flaw was found in the way chrony hosts that were peering with each other authenticated themselves before updating their internal state variables. An attacker could send packets to one peer host, which could cascade to other peers, and stop the synchronization process among the reached peers.
• http://chrony.tuxfamily.org/News.html
• https://security.gentoo.org/glsa/201507-01
• https://access.redhat.com/security/cve/CVE-2015-1853
• https://bugzilla.redhat.com/show_bug.cgi?id=1209572
• CWE-345: Insufficient Verification of Data Authenticity