Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2012-4503

Published: 05/11/2013 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

cmdmon.c in Chrony prior to 1.29 allows remote malicious users to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to the handle_subnets_accessed function or (2) a RPY_CLIENT_ACCESSES command to the handle_client_accesses function when client logging is disabled, which causes uninitialized data to be included in a reply.

Vulnerable Product Search on Vulmon Subscribe to Product

tuxfamily chrony 1.24

tuxfamily chrony 1.21

tuxfamily chrony 1.19

tuxfamily chrony 1.23

tuxfamily chrony 1.25

tuxfamily chrony 1.1

tuxfamily chrony 1.27

tuxfamily chrony 1.20

tuxfamily chrony

tuxfamily chrony 1.19.99.3

tuxfamily chrony 1.23.1

tuxfamily chrony 1.19.99.2

tuxfamily chrony 1.0

tuxfamily chrony 1.28

tuxfamily chrony 1.18

tuxfamily chrony 1.26

tuxfamily chrony 1.19.99.1

Vendor Advisories

Debian CVElist Bug Report Logs: chrony: CVE-2012-4502 and CVE-2012-4503
Debian Bug report logs - #719203 chrony: CVE-2012-4502 and CVE-2012-4503 Package: chrony; Maintainer for chrony is Vincent Blut <vincentdebian@freefr>; Source for chrony is src:chrony (PTS, buildd, popcon) Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 9 Aug 2013 08:51:02 UTC Severity: grave Tag ...
Debian Security Advisories: DSA-2760-1 chrony -- several vulnerabilities
Florian Weimer discovered two security problems in the Chrony time synchronisation software (buffer overflows and use of uninitialised data in command replies) For the oldstable distribution (squeeze), these problems will be fixed soon in 124-3+squeeze1 (due to a technical restriction in the archive processing scripts the two updates cannot be re ...
Red Hat: CVE-2012-4503
cmdmonc in Chrony before 129 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to the handle_subnets_accessed function or (2) a RPY_CLIENT_ACCESSES command to the handle_client_accesses function when client logging is disabled, which ...

References

CWE-200http://seclists.org/oss-sec/2013/q3/332http://www.debian.org/security/2013/dsa-2760https://bugzilla.redhat.com/show_bug.cgi?id=846392http://permalink.gmane.org/gmane.comp.time.chrony.announce/15http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git%3Ba=commitdiff%3Bh=c6fdeeb6bb0b17dc28c19ae492c4a1c498e54ea3https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719203https://access.redhat.com/security/cve/cve-2012-4503https://www.debian.org/security/./dsa-2760
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCPCVE-2024-4577CVE-2024-2695CVE-2024-31870injectionCVE-2024-3813arbitrary codeCVE-2024-27801CVE-2024-30120
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook