CVE-2010-0293

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets.

La funcionalidad "client logging" en chronyd en Chrony anterior a v1.23.1, no restringe la cantidad de memoria empleada para almacenar la información de un cliente, lo que permite a atacantes remotos, provocar una denegación de servicio (consumo de memoria) mediante la suplantación de paquetes (1) NTP o (2) cmdmon.

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-01-12 CVE Reserved
2010-02-05 CVE Published
2024-09-16 CVE Updated
2024-09-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-399: Resource Management Errors

CAPEC

References (7)

URL	Tag	Source
http://git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git%3Ba=commit%3Bh=2f63cf448560fdb96b80d8488aae6a15b802a753	X_refsource_confirm
http://www.securityfocus.com/bid/38106	Vdb Entry
https://bugzilla.redhat.com/show_bug.cgi?id=555367	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://chrony.tuxfamily.org/News.html	2023-11-07
http://secunia.com/advisories/38428	2023-11-07
http://secunia.com/advisories/38480	2023-11-07
http://www.debian.org/security/2010/dsa-1992	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Tuxfamily Search vendor "Tuxfamily"		Chrony Search vendor "Tuxfamily" for product "Chrony"				<= 1.23-pre1 Search vendor "Tuxfamily" for product "Chrony" and version " <= 1.23-pre1"		-		Affected
Tuxfamily Search vendor "Tuxfamily"		Chrony Search vendor "Tuxfamily" for product "Chrony"				1.18 Search vendor "Tuxfamily" for product "Chrony" and version "1.18"		-		Affected
Tuxfamily Search vendor "Tuxfamily"		Chrony Search vendor "Tuxfamily" for product "Chrony"				1.19 Search vendor "Tuxfamily" for product "Chrony" and version "1.19"		-		Affected
Tuxfamily Search vendor "Tuxfamily"		Chrony Search vendor "Tuxfamily" for product "Chrony"				1.19-1 Search vendor "Tuxfamily" for product "Chrony" and version "1.19-1"		-		Affected
Tuxfamily Search vendor "Tuxfamily"		Chrony Search vendor "Tuxfamily" for product "Chrony"				1.19.99.1 Search vendor "Tuxfamily" for product "Chrony" and version "1.19.99.1"		-		Affected
Tuxfamily Search vendor "Tuxfamily"		Chrony Search vendor "Tuxfamily" for product "Chrony"				1.19.99.2 Search vendor "Tuxfamily" for product "Chrony" and version "1.19.99.2"		-		Affected
Tuxfamily Search vendor "Tuxfamily"		Chrony Search vendor "Tuxfamily" for product "Chrony"				1.19.99.3 Search vendor "Tuxfamily" for product "Chrony" and version "1.19.99.3"		-		Affected
Tuxfamily Search vendor "Tuxfamily"		Chrony Search vendor "Tuxfamily" for product "Chrony"				1.20 Search vendor "Tuxfamily" for product "Chrony" and version "1.20"		-		Affected
Tuxfamily Search vendor "Tuxfamily"		Chrony Search vendor "Tuxfamily" for product "Chrony"				1.21 Search vendor "Tuxfamily" for product "Chrony" and version "1.21"		-		Affected
Tuxfamily Search vendor "Tuxfamily"		Chrony Search vendor "Tuxfamily" for product "Chrony"				1.21-pre1 Search vendor "Tuxfamily" for product "Chrony" and version "1.21-pre1"		-		Affected
Tuxfamily Search vendor "Tuxfamily"		Chrony Search vendor "Tuxfamily" for product "Chrony"				1.24-pre1 Search vendor "Tuxfamily" for product "Chrony" and version "1.24-pre1"		-		Affected