Impact: Moderate Public Date: 2015-04-07 CWE: CWE-345 Bugzilla: 1209572: CVE-2015-1853 chrony: authentication doesn't protect symmetric associations against DoS attacks A denial of service flaw was found in the way chrony hosts that were peering with each other authenticated themselves before updating their internal state variables. An attacker could send packets to one peer host, which could cascade to other peers, and stop the synchronization process among the reached peers.
Find out more about CVE-2015-1853 from the MITRE CVE dictionary dictionary and NIST NVD.
Base Score | 4.3 |
---|---|
Base Metrics | AV:N/AC:M/Au:N/C:N/I:N/A:P |
Access Vector | Network |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | None |
Integrity Impact | None |
Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Platform | Errata | Release Date |
---|---|---|
Red Hat Enterprise Linux 7 (chrony) | RHSA-2015:2241 | 2015-11-19 |