Published: 08/02/2010 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony prior to 1.23.1, and 1.24-pre1, allows remote malicious users to cause a denial of service (CPU and bandwidth consumption) by sending a spoofed cmdmon packet that triggers a continuous exchange of NOHOSTACCESS messages between two daemons, a related issue to CVE-2009-3563.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tuxfamily chrony 1.19
tuxfamily chrony 1.20
tuxfamily chrony
tuxfamily chrony 1.19.99.3
tuxfamily chrony 1.19-1
tuxfamily chrony 1.19.99.2
tuxfamily chrony 1.21-pre1
tuxfamily chrony 1.18
tuxfamily chrony 1.24-pre1
tuxfamily chrony 1.19.99.1
tuxfamily chrony 1.21

Several vulnerabilities have been discovered in chrony, a pair of programs which are used to maintain the accuracy of the system clock on a computer This issues are similar to the NTP security flaw CVE-2009-3563 The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0292 chronyd replies to all cmdmon packe ...

CWE-399 http://secunia.com/advisories/38480 http://www.securityfocus.com/bid/38106 http://chrony.tuxfamily.org/News.html http://www.debian.org/security/2010/dsa-1992 http://secunia.com/advisories/38428 https://bugzilla.redhat.com/show_bug.cgi?id=555367 http://git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git%3Ba=commit%3Bh=7864c7a70ce00369194e734eb2842ecc5f8db531 https://nvd.nist.gov https://www.debian.org/security/./dsa-1992

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-0292

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect