CVE-2015-1821

Synopsis Moderate: chrony security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic Updated chrony packages that fix three security issues, several bugs, andadd various enhancements are now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this updat ...

Debian Bug report logs - #782160 chrony: Multiple issues: CVE-2015-1821 CVE-2015-1822 CVE-2015-1853 Package: src:chrony; Maintainer for src:chrony is Vincent Blut <vincentdebian@freefr>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 8 Apr 2015 18:09:02 UTC Severity: grave Tags: fixed-upstream, p ...

Miroslav Lichvar of Red Hat discovered multiple vulnerabilities in chrony, an alternative NTP client and server: CVE-2015-1821 Using particular address/subnet pairs when configuring access control would cause an invalid memory write This could allow attackers to cause a denial of service (crash) or execute arbitrary code CVE-2015-182 ...

As reported <a href="chronytuxfamilyorg/Newshtml">upstream</a>: When NTP or cmdmon access was configured (from chronyconf or via authenticated cmdmon) with a subnet size that is indivisible by 4 and an address that has nonzero bits in the 4-bit subnet remainder (eg 192168150/22 or f000::/3), the new setting was written t ...

An out-of-bounds write flaw was found in the way Chrony stored certain addresses when configuring NTP or cmdmon access An attacker that has the command key and is allowed to access cmdmon (only localhost is allowed by default) could use this flaw to crash chronyd or, possibly, execute arbitrary code with the privileges of the chronyd process ...