chrony: denial of service

ID ASA-201504-9
Type archlinux
Reporter Arch Linux
Modified 2015-04-08T00:00:00


CVE-2015-1853 (denial of service): This issue is similiar to the "ntp CVE-2015-1799"-issue. An attacker knowing that NTP hosts A and B are peering with each other (symmetric association) can send a packet to host A with source address of B which will set the NTP state variables on A to the values sent by the attacker. Host A will then send on its next poll to B a packet with originate timestamp that doesn't match the transmit timestamp of B and the packet will be dropped. If the attacker does this periodically for both hosts, they won't be able to synchronize to each other. This is a known denial-of-service attack