CVSS: 6.0EPSS: 0%CPEs: 4EXPL: 0CVE-2020-14367 – Gentoo Linux Security Advisory 202008-23
https://notcve.org/view.php?id=CVE-2020-14367
24 Aug 2020 — A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the ... • https://bugzilla.redhat.com/show_bug.cgi?id=1870298 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.1EPSS: 1%CPEs: 5EXPL: 1CVE-2016-1567
https://notcve.org/view.php?id=CVE-2016-1567
26 Jan 2016 — chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." chrony en versiones anteriores a 1.31.2 y 2.x en versiones anteriores a 2.2.1 no verifica las asociaciones del par de las claves simétricas cuando autentica paquetes, lo que podría permitir a atacantes remotos llevar a cabo ataques de suplantación de identidad a través d... • http://chrony.tuxfamily.org/news.html#_20_jan_2016_chrony_2_2_1_and_chrony_1_31_2_released • CWE-254: 7PK - Security Features •
CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 0CVE-2015-1821 – chrony: Heap out of bound write in address filter
https://notcve.org/view.php?id=CVE-2015-1821
13 Apr 2015 — Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2) cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the subnet remainder. Desbordamiento de buffer basado en memoria dinámica en chrony anterior a 1.31.1 permite a usuarios remotos autenticados causar una denegación de servicio (caída de chronyd) o posiblemente ejecu... • http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2015/04/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0CVE-2015-1822 – chrony: uninitialized pointer in cmdmon reply slots
https://notcve.org/view.php?id=CVE-2015-1822
13 Apr 2015 — chrony before 1.31.1 does not initialize the last "next" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a large number of command requests. chrony anterior a 1.31.1 no inicializa el último puntero 'próximo' cuando guarda respuestas no reconocidas en solicitudes de comandos, lo que permite a usuarios remotos autenticados causar una d... • http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2015/04/msg00002.html • CWE-17: DEPRECATED: Code CWE-456: Missing Initialization of a Variable •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1853 – chrony: authentication doesn't protect symmetric associations against DoS attacks
https://notcve.org/view.php?id=CVE-2015-1853
13 Apr 2015 — chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets. chrony versiones anteriores a 1.31.1, no protege apropiadamente las variables de estado en asociaciones NTP simétricas autenticadas, lo que permite a atacantes remotos con conocimiento del emparejamiento NTP causar una denegación de serv... • http://chrony.tuxfamily.org/News.html • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2012-4502 – Debian Security Advisory 2760-1
https://notcve.org/view.php?id=CVE-2012-4502
18 Sep 2013 — Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command request to the PKL_CommandLength function or crafted (3) RPY_SUBNETS_ACCESSED, (4) RPY_CLIENT_ACCESSES, (5) RPY_CLIENT_ACCESSES_BY_INDEX, or (6) RPY_MANUAL_LIST command reply to the PKL_ReplyLength function, which triggers an out-of-bounds read or buffer overflow. NOTE: versions 1.27 and 1.28 do not require authe... • http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git%3Ba=commitdiff%3Bh=7712455d9aa33d0db0945effaa07e900b85987b1 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2012-4503 – Debian Security Advisory 2760-1
https://notcve.org/view.php?id=CVE-2012-4503
18 Sep 2013 — cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to the handle_subnets_accessed function or (2) a RPY_CLIENT_ACCESSES command to the handle_client_accesses function when client logging is disabled, which causes uninitialized data to be included in a reply. cmdmon.c en Chrony antes de 1.29 permite a atacantes remotos obtener información sensible de la pila de memo... • http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git%3Ba=commitdiff%3Bh=c6fdeeb6bb0b17dc28c19ae492c4a1c498e54ea3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0CVE-2010-0292
https://notcve.org/view.php?id=CVE-2010-0292
08 Feb 2010 — The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony before 1.23.1, and 1.24-pre1, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a spoofed cmdmon packet that triggers a continuous exchange of NOHOSTACCESS messages between two daemons, a related issue to CVE-2009-3563. La función read_from_cmd_socket function en cmdmon.c en chronyd en Chrony anterior a v1.23.1, y v1.24-pre1, permite a atacantes remotos provocar una denegación de servicio (Consum... • http://chrony.tuxfamily.org/News.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0CVE-2010-0293
https://notcve.org/view.php?id=CVE-2010-0293
08 Feb 2010 — The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets. La funcionalidad "client logging" en chronyd en Chrony anterior a v1.23.1, no restringe la cantidad de memoria empleada para almacenar la información de un cliente, lo que permite a atacantes remotos, provocar una denegación de servicio (cons... • http://chrony.tuxfamily.org/News.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0CVE-2010-0294
https://notcve.org/view.php?id=CVE-2010-0294
08 Feb 2010 — chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service (disk consumption) via a large number of invalid packets. chronyd en Chrony anterior a v1.23.1, y posiblemente v 1.24-pre1, genera un mensage syslog para cada paquete cmdmon no autorizado, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de disco) a través de un número elevado de paquetes no válidos. • http://chrony.tuxfamily.org/News.html • CWE-399: Resource Management Errors •