Published: 08/02/2010 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The client logging functionality in chronyd in Chrony prior to 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote malicious users to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tuxfamily chrony 1.19
tuxfamily chrony 1.20
tuxfamily chrony
tuxfamily chrony 1.19.99.3
tuxfamily chrony 1.19-1
tuxfamily chrony 1.19.99.2
tuxfamily chrony 1.21-pre1
tuxfamily chrony 1.18
tuxfamily chrony 1.24-pre1
tuxfamily chrony 1.19.99.1
tuxfamily chrony 1.21

Several vulnerabilities have been discovered in chrony, a pair of programs which are used to maintain the accuracy of the system clock on a computer This issues are similar to the NTP security flaw CVE-2009-3563 The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0292 chronyd replies to all cmdmon packe ...

CWE-399 http://secunia.com/advisories/38428 http://www.debian.org/security/2010/dsa-1992 http://www.securityfocus.com/bid/38106 http://chrony.tuxfamily.org/News.html http://secunia.com/advisories/38480 https://bugzilla.redhat.com/show_bug.cgi?id=555367 http://git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git%3Ba=commit%3Bh=2f63cf448560fdb96b80d8488aae6a15b802a753 https://nvd.nist.gov https://www.debian.org/security/./dsa-1992

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-0293

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect