
chrony: multiple vulnerabilities

Package(s): chrony
CVE #(s): CVE-2015-1821 CVE-2015-1822 CVE-2015-1853
Created: April 13, 2015
Updated: December 22, 2015
Description: From the Debian advisory:

CVE-2015-1821: Using particular address/subnet pairs when configuring access control would cause an invalid memory write. This could allow attackers to cause a denial of service (crash) or execute arbitrary code.

CVE-2015-1822: When allocating memory to save unacknowledged replies to authenticated command requests, a pointer would be left uninitialized, which could trigger an invalid memory write. This could allow attackers to cause a denial of service (crash) or execute arbitrary code.

CVE-2015-1853: When peering with other NTP hosts using authenticated symmetric association, the internal state variables would be updated before the MAC of the NTP messages was validated. This could allow a remote attacker to cause a denial of service by impeding synchronization between NTP peers.
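The ordering problem described for CVE-2015-1853, as an added example that is not taken from the Debian advisory or from chrony's code: a simplified Python model of a receiver that updates per-peer state before the MAC check, next to one that checks the MAC first. The packet layout, the `Peer` class, the key and the timestamps are constructed assumptions.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-shared-key"   # constructed sample key, not a real one
MAC_LEN = hashlib.sha256().digest_size

def mac(body: bytes, key: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha256).digest()

def make_packet(tx_ts: int, key: bytes) -> bytes:
    # Hypothetical layout: 8-byte transmit timestamp followed by the MAC.
    body = struct.pack("!Q", tx_ts)
    return body + mac(body, key)

class Peer:
    """Simplified per-association state (assumed model, not chrony's)."""
    def __init__(self, key: bytes):
        self.key = key
        self.remote_tx = None   # timestamp remembered from the peer's last packet
        self.accepted = 0

    def _mac_ok(self, pkt: bytes) -> bool:
        # Length check first, then a constant-time comparison of the MAC.
        return len(pkt) == 8 + MAC_LEN and hmac.compare_digest(pkt[8:], mac(pkt[:8], self.key))

    def receive_update_first(self, pkt: bytes) -> bool:
        # Flawed order: state is overwritten before the MAC is checked.
        self.remote_tx = struct.unpack("!Q", pkt[:8])[0]
        if not self._mac_ok(pkt):
            return False
        self.accepted += 1
        return True

    def receive_verify_first(self, pkt: bytes) -> bool:
        # Corrected order: unauthenticated input never touches state.
        if not self._mac_ok(pkt):
            return False
        self.remote_tx = struct.unpack("!Q", pkt[:8])[0]
        self.accepted += 1
        return True

def demo():
    genuine = make_packet(1000, KEY)
    unauthenticated = struct.pack("!Q", 999) + bytes(MAC_LEN)  # constructed, bad MAC
    flawed, fixed = Peer(KEY), Peer(KEY)
    for pkt in (genuine, unauthenticated):
        flawed.receive_update_first(pkt)
        fixed.receive_verify_first(pkt)
    return flawed.remote_tx, fixed.remote_tx, flawed.accepted, fixed.accepted
```

Both receivers reject the packet with the bad MAC, but only the verify-first receiver still holds the timestamp from the authenticated packet afterwards.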

Alerts:
Scientific Linux SLSA-2015:2241-3 chrony 2015-12-21
Oracle ELSA-2015-2241 chrony 2015-11-23
Red Hat RHSA-2015:2241-03 chrony 2015-11-19
Gentoo 201507-01 chrony 2015-07-05
Fedora FEDORA-2015-5809 chrony 2015-04-24
Mageia MGASA-2015-0163 chrony 2015-04-23
Fedora FEDORA-2015-5816 chrony 2015-04-22
Debian-LTS DLA-193-1 chrony 2015-04-12
Debian DSA-3222-1 chrony 2015-04-12


chrony: multiple vulnerabilities

Posted Apr 30, 2015 20:53 UTC (Thu) by toyotabedzrock (guest, #88005)

When will someone finally make a universal and fast way for incoming packets and data structures to be checked? Each program should define what it expects, so we can end this daily parade of surprises.

