tuxfamily chrony 1.21-pre1 vulnerabilities and exploits

(subscribe to this query)

The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony prior to 1.23.1, and 1.24-pre1, allows remote malicious users to cause a denial of service (CPU and bandwidth consumption) by sending a spoofed cmdmon packet that triggers a continuous exchange of NOHOSTACCESS mes...

Tuxfamily Chrony 1.19 Tuxfamily Chrony 1.20 Tuxfamily Chrony Tuxfamily Chrony 1.19.99.3 Tuxfamily Chrony 1.19-1 Tuxfamily Chrony 1.19.99.2 Tuxfamily Chrony 1.21-pre1 Tuxfamily Chrony 1.18 Tuxfamily Chrony 1.24-pre1 Tuxfamily Chrony 1.19.99.1 Tuxfamily Chrony 1.21

The client logging functionality in chronyd in Chrony prior to 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote malicious users to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets.

Tuxfamily Chrony 1.19 Tuxfamily Chrony 1.20 Tuxfamily Chrony Tuxfamily Chrony 1.19.99.3 Tuxfamily Chrony 1.19-1 Tuxfamily Chrony 1.19.99.2 Tuxfamily Chrony 1.21-pre1 Tuxfamily Chrony 1.18 Tuxfamily Chrony 1.24-pre1 Tuxfamily Chrony 1.19.99.1 Tuxfamily Chrony 1.21

chronyd in Chrony prior to 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote malicious users to cause a denial of service (disk consumption) via a large number of invalid packets.

Tuxfamily Chrony 1.19 Tuxfamily Chrony 1.20 Tuxfamily Chrony Tuxfamily Chrony 1.19.99.3 Tuxfamily Chrony 1.19-1 Tuxfamily Chrony 1.19.99.2 Tuxfamily Chrony 1.21-pre1 Tuxfamily Chrony 1.18 Tuxfamily Chrony 1.24-pre1 Tuxfamily Chrony 1.19.99.1 Tuxfamily Chrony 1.21

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook