Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2014-0021

Published: 15/11/2019 Updated: 18/08/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Chrony

Vulnerability Summary

Chrony prior to 1.29.1 has traffic amplification in cmdmon protocol

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

chrony project chrony

debian debian linux 8.0

debian debian linux 9.0

debian debian linux 10.0

fedoraproject fedora 19

fedoraproject fedora 20

Vendor Advisories

Debian CVElist Bug Report Logs: chrony: CVE-2014-0021: traffic amplification in cmdmon protocol
Debian Bug report logs - #737644 chrony: CVE-2014-0021: traffic amplification in cmdmon protocol Package: chrony; Maintainer for chrony is Vincent Blut <vincentdebian@freefr>; Source for chrony is src:chrony (PTS, buildd, popcon) Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 4 Feb 2014 16:12:01 ...
Amazon Linux AMI: ALAS-2014-366
It was reported that the cmdmon protocol implemented in chrony was found to be vulnerable to DDoS attacks using traffic amplification By default, commands are allowed only from localhost, but it's possible to configure chronyd to allow commands from any address This could allow a remote attacker to cause a DoS, which could cause excessive resourc ...

References

NVD-CWE-Otherhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0021http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128753.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/90925http://www.openwall.com/lists/oss-security/2014/01/18/3http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127837.htmlhttps://security-tracker.debian.org/tracker/CVE-2014-0021http://www.securityfocus.com/bid/65035http://www.openwall.com/lists/oss-security/2014/01/18/2http://www.openwall.com/lists/oss-security/2014/01/17/9http://www.openwall.com/lists/oss-security/2014/01/18/1http://www.openwall.com/lists/oss-security/2014/01/19/1https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737644https://nvd.nist.govhttps://alas.aws.amazon.com/ALAS-2014-366.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook