An out-of-bounds write flaw was found in the way Chrony stored certain addresses when configuring NTP or cmdmon access. An attacker that has the command key and is allowed to access cmdmon (only localhost is allowed by default) could use this flaw to crash chronyd or, possibly, execute arbitrary code with the privileges of the chronyd process.
Find out more about CVE-2015-1821 from the MITRE CVE dictionary dictionary and NIST NVD.
Base Score | 6 |
---|---|
Base Metrics | AV:N/AC:M/Au:S/C:P/I:P/A:P |
Access Vector | Network |
Access Complexity | Medium |
Authentication | Single |
Confidentiality Impact | Partial |
Integrity Impact | Partial |
Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Platform | Errata | Release Date |
---|---|---|
Red Hat Enterprise Linux 7 (chrony) | RHSA-2015:2241 | 2015-11-19 |