ID OPENVAS:1361412562310866460 Type openvas Reporter Copyright (c) 2013 Greenbone Networks GmbH Modified 2019-03-15T00:00:00
Description
The remote host is missing an update for the 'chrony' package(s) announced via the referenced advisory.
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for chrony FEDORA-2013-14539
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Registration block: when `description` is set, only the metadata calls below
# run and the script ends at exit(0); the detection logic after this block is
# never reached on this path.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.866460");
script_version("$Revision: 14223 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $");
script_tag(name:"creation_date", value:"2013-08-16 08:59:24 +0530 (Fri, 16 Aug 2013)");
# Two CVEs are attached to this single package check.
script_cve_id("CVE-2012-4502", "CVE-2012-4503");
script_tag(name:"cvss_base", value:"5.0");
# NOTE(review): C:N/I:N/A:P describes an availability (crash) impact only.
# The NVD record for CVE-2012-4503 rates it AV:N/AC:L/Au:N/C:P/I:N/A:N
# (disclosure of stack memory), so this one vector hides the confidentiality
# impact. Triage on the CVE list, not on this tag alone.
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_name("Fedora Update for chrony FEDORA-2013-14539");
script_tag(name:"affected", value:"chrony on Fedora 18");
# The fixed build is not named here; the version compared against appears only
# in the isrpmvuln() call after this block.
script_tag(name:"solution", value:"Please install the updated package(s).");
# qod_type "package": the finding rests on the installed package version, not
# on probing the running service.
# NOTE(review): a host that installed the update but did not restart chronyd
# would presumably still pass this check -- confirm the restart separately.
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"FEDORA", value:"2013-14539");
script_xref(name:"URL", value:"https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114020.html");
# No "insight" or "vuldetect" tag is set in this block, so the report text does
# not say what the flaws are; readers have to follow the CVE ids or the
# advisory URL.
script_tag(name:"summary", value:"The remote host is missing an update for the 'chrony'
package(s) announced via the referenced advisory.");
# ACT_GATHER_INFO: presumably the information-gathering category -- verify
# against the scanner documentation.
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2013 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
# gather-package-list.nasl is declared as a prerequisite; presumably it is what
# fills the ssh/login/* knowledge-base keys required below -- verify.
script_dependencies("gather-package-list.nasl");
# The check requires these keys and a release matching FC18.
# NOTE(review): without a working SSH login the keys are presumably absent and
# the check does not run, so a missing finding is not evidence that the host is
# patched.
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC18");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
# Detection logic: compare the installed chrony RPM on a Fedora 18 target with
# the build named in the rpm: argument below and report when it is older.

# rpm_get_ssh_release() is not defined in this file (presumably it comes from
# pkg-lib-rpm.inc and yields the release string collected over the SSH login --
# verify). With no release there is nothing to compare, so stop without a
# result.
release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";

if(release == "FC18")
{
  # isrpmvuln() is likewise not defined here; the code below treats a non-NULL
  # return as report text for an outdated package.
  res = isrpmvuln(pkg:"chrony", rpm:"chrony~1.29~1.fc18", rls:"FC18");
  if(res != NULL)
  {
    # Outdated package: raise the finding with the library's report text.
    security_message(data:res);
    exit(0);
  }

  # exit(99) is the "not vulnerable" result. __pkg_match is presumably set by
  # the package library once chrony was found in the RPM list -- verify. When
  # it is unset the script ends with a plain exit(0), i.e. no verdict.
  if(__pkg_match)
    exit(99);

  exit(0);
}
{"id": "OPENVAS:1361412562310866460", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for chrony FEDORA-2013-14539", "description": "The remote host is missing an update for the ", "published": "2013-08-16T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866460", "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114020.html", "2013-14539"], "cvelist": ["CVE-2012-4502", "CVE-2012-4503"], "lastseen": "2019-05-29T18:38:27", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-4502", "CVE-2012-4503"]}, {"type": "openvas", "idList": ["OPENVAS:866826", "OPENVAS:1361412562310866826", "OPENVAS:866460", "OPENVAS:1361412562310867521", "OPENVAS:892760", "OPENVAS:867521", "OPENVAS:1361412562310892760", "OPENVAS:1361412562310121159"]}, {"type": "nessus", "idList": ["FEDORA_2013-14539.NASL", "NEWSTART_CGSL_NS-SA-2020-0112_CHRONY.NASL", "GENTOO_GLSA-201402-28.NASL", "NEWSTART_CGSL_NS-SA-2020-0027_CHRONY.NASL", "FEDORA_2013-14549.NASL", "DEBIAN_DSA-2760.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2760-1:3EAB8"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29884", "SECURITYVULNS:VULN:13323"]}, {"type": "gentoo", "idList": ["GLSA-201402-28"]}], "modified": "2019-05-29T18:38:27", "rev": 2}, "score": {"value": 7.0, "vector": "NONE", "modified": "2019-05-29T18:38:27", "rev": 2}, "vulnersScore": 7.0}, "pluginID": "1361412562310866460", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for chrony FEDORA-2013-14539\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can 
redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866460\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-16 08:59:24 +0530 (Fri, 16 Aug 2013)\");\n script_cve_id(\"CVE-2012-4502\", \"CVE-2012-4503\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for chrony FEDORA-2013-14539\");\n\n\n script_tag(name:\"affected\", value:\"chrony on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-14539\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114020.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chrony'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local 
Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"chrony\", rpm:\"chrony~1.29~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks"}
{"cve": [{"lastseen": "2020-12-09T19:47:24", "description": "Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command request to the PKL_CommandLength function or crafted (3) RPY_SUBNETS_ACCESSED, (4) RPY_CLIENT_ACCESSES, (5) RPY_CLIENT_ACCESSES_BY_INDEX, or (6) RPY_MANUAL_LIST command reply to the PKL_ReplyLength function, which triggers an out-of-bounds read or buffer overflow. NOTE: versions 1.27 and 1.28 do not require authentication to exploit.", "edition": 5, "cvss3": {}, "published": "2013-11-05T21:55:00", "title": "CVE-2012-4502", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4502"], "modified": "2013-11-06T19:25:00", "cpe": ["cpe:/a:tuxfamily:chrony:1.0", "cpe:/a:tuxfamily:chrony:1.23", "cpe:/a:tuxfamily:chrony:1.25", "cpe:/a:tuxfamily:chrony:1.18", "cpe:/a:tuxfamily:chrony:1.20", "cpe:/a:tuxfamily:chrony:1.21", "cpe:/a:tuxfamily:chrony:1.28", "cpe:/a:tuxfamily:chrony:1.1", "cpe:/a:tuxfamily:chrony:1.19.99.1", "cpe:/a:tuxfamily:chrony:1.27", "cpe:/a:tuxfamily:chrony:1.19", "cpe:/a:tuxfamily:chrony:1.23.1", "cpe:/a:tuxfamily:chrony:1.26", "cpe:/a:tuxfamily:chrony:1.19.99.3", "cpe:/a:tuxfamily:chrony:1.19.99.2", "cpe:/a:tuxfamily:chrony:1.24"], "id": "CVE-2012-4502", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4502", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": 
["cpe:2.3:a:tuxfamily:chrony:1.23:*:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.24:pre1:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.19.99.1:*:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.28:*:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.23:pre1:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.25:pre2:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.26:pre1:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.18:*:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.19.99.3:*:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.19:*:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.19.99.2:*:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.20:*:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.27:pre1:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.28:pre1:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.25:*:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.21:*:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.26:*:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.25:pre1:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.23.1:*:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.27:*:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.24:*:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.21:pre1:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:47:24", "description": "cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to the handle_subnets_accessed function or (2) a RPY_CLIENT_ACCESSES command to the handle_client_accesses function when client logging is disabled, which causes uninitialized data to be included in a reply.", "edition": 5, "cvss3": {}, "published": "2013-11-05T21:55:00", "title": "CVE-2012-4503", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": 
{"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4503"], "modified": "2013-11-06T19:08:00", "cpe": ["cpe:/a:tuxfamily:chrony:1.0", "cpe:/a:tuxfamily:chrony:1.23", "cpe:/a:tuxfamily:chrony:1.25", "cpe:/a:tuxfamily:chrony:1.18", "cpe:/a:tuxfamily:chrony:1.20", "cpe:/a:tuxfamily:chrony:1.21", "cpe:/a:tuxfamily:chrony:1.28", "cpe:/a:tuxfamily:chrony:1.1", "cpe:/a:tuxfamily:chrony:1.19.99.1", "cpe:/a:tuxfamily:chrony:1.27", "cpe:/a:tuxfamily:chrony:1.19", "cpe:/a:tuxfamily:chrony:1.23.1", "cpe:/a:tuxfamily:chrony:1.26", "cpe:/a:tuxfamily:chrony:1.19.99.3", "cpe:/a:tuxfamily:chrony:1.19.99.2", "cpe:/a:tuxfamily:chrony:1.24"], "id": "CVE-2012-4503", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4503", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:tuxfamily:chrony:1.23:*:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.24:pre1:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.19.99.1:*:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.28:*:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.23:pre1:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.25:pre2:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.26:pre1:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.18:*:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.19.99.3:*:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.19:*:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.19.99.2:*:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.20:*:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.27:pre1:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.28:pre1:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.25:*:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.21:*:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.26:*:*:*:*:*:*:*", 
"cpe:2.3:a:tuxfamily:chrony:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.25:pre1:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.23.1:*:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.27:*:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.24:*:*:*:*:*:*:*", "cpe:2.3:a:tuxfamily:chrony:1.21:pre1:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:38:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4502", "CVE-2012-4503"], "description": "Florian Weimer discovered two security problems in the Chrony time\nsynchronisation software (buffer overflows and use of uninitialised data\nin command replies).", "modified": "2019-03-18T00:00:00", "published": "2013-09-18T00:00:00", "id": "OPENVAS:1361412562310892760", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892760", "type": "openvas", "title": "Debian Security Advisory DSA 2760-1 (chrony - several vulnerabilities)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2760.nasl 14276 2019-03-18 14:43:56Z cfischer $\n# Auto-generated from advisory DSA 2760-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892760\");\n script_version(\"$Revision: 14276 $\");\n script_cve_id(\"CVE-2012-4502\", \"CVE-2012-4503\");\n script_name(\"Debian Security Advisory DSA 2760-1 (chrony - several vulnerabilities)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:43:56 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-18 00:00:00 +0200 (Wed, 18 Sep 2013)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2013/dsa-2760.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"chrony on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (squeeze), these problems will be fixed\nsoon in 1.24-3+squeeze1 (due to a technical restriction in the archive\nprocessing scripts the two updates cannot be released together).\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.24-3.1+deb7u2.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your chrony packages.\");\n script_tag(name:\"summary\", value:\"Florian Weimer discovered two security problems in the Chrony time\nsynchronisation software (buffer overflows and use of 
uninitialised data\nin command replies).\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"chrony\", ver:\"1.24-3.1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:52:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4502", "CVE-2012-4503"], "description": "Check for the Version of chrony", "modified": "2017-07-10T00:00:00", "published": "2013-08-20T00:00:00", "id": "OPENVAS:866826", "href": "http://plugins.openvas.org/nasl.php?oid=866826", "type": "openvas", "title": "Fedora Update for chrony FEDORA-2013-14549", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for chrony FEDORA-2013-14549\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866826);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-20 15:30:29 +0530 (Tue, 20 Aug 2013)\");\n script_cve_id(\"CVE-2012-4502\", \"CVE-2012-4503\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for chrony FEDORA-2013-14549\");\n\n tag_insight = \"A client/server for the Network Time Protocol, this program keeps your\ncomputer's clock accurate. It was specially designed to support\nsystems with intermittent internet connections, but it also works well\nin permanently connected environments. 
It can use also hardware reference\nclocks, system real-time clock or manual input as time references.\n\";\n\n tag_affected = \"chrony on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-14549\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-August/113878.html\");\n script_summary(\"Check for the Version of chrony\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"chrony\", rpm:\"chrony~1.29~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4502", "CVE-2012-4503"], "description": "Gentoo Linux Local Security Checks GLSA 201402-28", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121159", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121159", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201402-28", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201402-28.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121159\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:26:58 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201402-28\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Chrony. 
Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201402-28\");\n script_cve_id(\"CVE-2012-4502\", \"CVE-2012-4503\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201402-28\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"net-misc/chrony\", unaffected: make_list(\"ge 1.29\"), vulnerable: make_list(\"lt 1.29\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4502", "CVE-2012-4503"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-08-20T00:00:00", "id": "OPENVAS:1361412562310866826", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866826", "type": "openvas", "title": "Fedora Update for chrony FEDORA-2013-14549", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for chrony FEDORA-2013-14549\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright 
(c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866826\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-20 15:30:29 +0530 (Tue, 20 Aug 2013)\");\n script_cve_id(\"CVE-2012-4502\", \"CVE-2012-4503\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for chrony FEDORA-2013-14549\");\n\n\n script_tag(name:\"affected\", value:\"chrony on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-14549\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-August/113878.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chrony'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"chrony\", rpm:\"chrony~1.29~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-18T11:09:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4502", "CVE-2012-4503"], "description": "Check for the Version of chrony", "modified": "2018-01-18T00:00:00", "published": "2013-08-16T00:00:00", "id": "OPENVAS:866460", "href": "http://plugins.openvas.org/nasl.php?oid=866460", "type": "openvas", "title": "Fedora Update for chrony FEDORA-2013-14539", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for chrony FEDORA-2013-14539\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866460);\n script_version(\"$Revision: 8456 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 07:58:40 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-16 08:59:24 +0530 (Fri, 16 Aug 2013)\");\n script_cve_id(\"CVE-2012-4502\", \"CVE-2012-4503\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for chrony FEDORA-2013-14539\");\n\n tag_insight = \"A client/server for the Network Time Protocol, this program keeps your\ncomputer's clock accurate. It was specially designed to support\nsystems with intermittent internet connections, but it also works well\nin permanently connected environments. 
It can use also hardware reference\nclocks, system real-time clock or manual input as time references.\n\";\n\n tag_affected = \"chrony on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-14539\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114020.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of chrony\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"chrony\", rpm:\"chrony~1.29~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:51:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4502", "CVE-2012-4503"], "description": "Florian Weimer discovered two security problems in the Chrony time\nsynchronisation software (buffer overflows and use of uninitialised data\nin command replies).", "modified": "2017-07-07T00:00:00", "published": "2013-09-18T00:00:00", "id": "OPENVAS:892760", "href": "http://plugins.openvas.org/nasl.php?oid=892760", "type": "openvas", "title": "Debian 
Security Advisory DSA 2760-1 (chrony - several vulnerabilities)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2760.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2760-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"chrony on Debian Linux\";\ntag_insight = \"It consists of a pair of programs :\n`chronyd'. This is a daemon which runs in background on the system. It\nobtains measurements (e.g. via the network) of the system's offset\nrelative to other systems, and adjusts the system time accordingly. For\nisolated systems, the user can periodically enter the correct time by hand\n(using `chronyc'). In either case, `chronyd' determines the rate at which\nthe computer gains or loses time, and compensates for this. Chronyd\nimplements the NTP protocol and can act as either a client or a server.\n`chronyc'. 
This is a command-line driven control and monitoring program.\nAn administrator can use this to fine-tune various parameters within the\ndaemon, add or delete servers etc whilst the daemon is running.\";\ntag_solution = \"For the oldstable distribution (squeeze), these problems will be fixed\nsoon in 1.24-3+squeeze1 (due to a technical restriction in the archive\nprocessing scripts the two updates cannot be released together).\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.24-3.1+deb7u2.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your chrony packages.\";\ntag_summary = \"Florian Weimer discovered two security problems in the Chrony time\nsynchronisation software (buffer overflows and use of uninitialised data\nin command replies).\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892760);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2012-4502\", \"CVE-2012-4503\");\n script_name(\"Debian Security Advisory DSA 2760-1 (chrony - several vulnerabilities)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-09-18 00:00:00 +0200 (Wed, 18 Sep 2013)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2760.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: 
\"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chrony\", ver:\"1.24-3.1+deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:48:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4502", "CVE-2014-0021", "CVE-2012-4503"], "description": "Check for the Version of chrony", "modified": "2017-07-10T00:00:00", "published": "2014-02-20T00:00:00", "id": "OPENVAS:867521", "href": "http://plugins.openvas.org/nasl.php?oid=867521", "type": "openvas", "title": "Fedora Update for chrony FEDORA-2014-1916", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for chrony FEDORA-2014-1916\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867521);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-20 15:08:01 +0530 (Thu, 20 Feb 2014)\");\n script_cve_id(\"CVE-2014-0021\", \"CVE-2012-4502\", \"CVE-2012-4503\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for chrony FEDORA-2014-1916\");\n\n tag_insight = \"A client/server for the Network Time Protocol, this program keeps your\ncomputer's clock accurate. It was specially designed to support\nsystems with intermittent internet connections, but it also works well\nin permanently connected environments. 
It can use also hardware reference\nclocks, system real-time clock or manual input as time references.\n\";\n\n tag_affected = \"chrony on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-1916\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128753.html\");\n script_summary(\"Check for the Version of chrony\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"chrony\", rpm:\"chrony~1.29.1~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4502", "CVE-2014-0021", "CVE-2012-4503"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-02-20T00:00:00", "id": "OPENVAS:1361412562310867521", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867521", "type": "openvas", "title": "Fedora Update for chrony FEDORA-2014-1916", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for chrony FEDORA-2014-1916\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867521\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-20 15:08:01 +0530 (Thu, 20 Feb 2014)\");\n script_cve_id(\"CVE-2014-0021\", \"CVE-2012-4502\", \"CVE-2012-4503\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for chrony FEDORA-2014-1916\");\n script_tag(name:\"affected\", value:\"chrony on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-1916\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128753.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chrony'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"chrony\", rpm:\"chrony~1.29.1~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:49", "bulletinFamily": "software", "cvelist": ["CVE-2012-4502", "CVE-2012-4503"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2760-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nSeptember 18, 2013 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : chrony\r\nVulnerability : several\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2012-4502 CVE-2012-4503\r\n\r\nFlorian Weimer discovered two security problems in the Chrony time\r\nsynchronisation software (buffer overflows and use of uninitialised data \r\nin command replies).\r\n\r\nFor the oldstable distribution (squeeze), these problems will be fixed\r\nsoon in 1.24-3+squeeze1 (due to a technical restriction in the 
archive\r\nprocessing scripts the two updates cannot be released together).\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 1.24-3.1+deb7u2.\r\n\r\nFor the unstable distribution (sid), these problems will be fixed soon.\r\n\r\nWe recommend that you upgrade your chrony packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.14 (GNU/Linux)\r\n\r\niEYEARECAAYFAlI5us4ACgkQXm3vHE4uylrlUQCgvCa61ePC9BCE6psAn8ITrYsD\r\nDUAAn0k5R3D7CJjtHez/poKXeAuX7e+x\r\n=3Xwf\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2013-10-03T00:00:00", "published": "2013-10-03T00:00:00", "id": "SECURITYVULNS:DOC:29884", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29884", "title": "[SECURITY] [DSA 2760-1] chrony security update", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:53", "bulletinFamily": "software", "cvelist": ["CVE-2012-4502", "CVE-2012-4503"], "description": "Buffer overflow and uninitialized pointer dereference on server reply parsing.", "edition": 1, "modified": "2013-10-03T00:00:00", "published": "2013-10-03T00:00:00", "id": "SECURITYVULNS:VULN:13323", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13323", "title": "Chrony security vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:54", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4502", "CVE-2012-4503"], "description": "### Background\n\nChrony is a pair of programs which are used to maintain the accuracy of the system clock on a computer. 
\n\n### Description\n\nMultiple vulnerabilities have been discovered in Chrony. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly cause a Denial of Service condition by sending specially crafted packets. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chrony users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/chrony-1.29\"", "edition": 1, "modified": "2014-02-28T00:00:00", "published": "2014-02-28T00:00:00", "id": "GLSA-201402-28", "href": "https://security.gentoo.org/glsa/201402-28", "type": "gentoo", "title": "Chrony: Multiple vulnerabilities", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-08-12T01:02:29", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4502", "CVE-2012-4503"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2760-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nSeptember 18, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chrony\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-4502 CVE-2012-4503\n\nFlorian Weimer discovered two security problems in the Chrony time\nsynchronisation software (buffer overflows and use of uninitialised data \nin command replies).\n\nFor the oldstable distribution (squeeze), these problems will be fixed\nsoon in 1.24-3+squeeze1 (due to a technical restriction in the archive\nprocessing scripts the two updates cannot be released together).\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.24-3.1+deb7u2.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your chrony 
packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 6, "modified": "2013-09-18T14:39:48", "published": "2013-09-18T14:39:48", "id": "DEBIAN:DSA-2760-1:3EAB8", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00171.html", "title": "[SECURITY] [DSA 2760-1] chrony security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-07T10:55:34", "description": "The remote host is affected by the vulnerability described in GLSA-201402-28\n(Chrony: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chrony. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly cause a Denial of Service condition by\n sending specially crafted packets.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 21, "published": "2014-03-02T00:00:00", "title": "GLSA-201402-28 : Chrony: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4502", "CVE-2012-4503"], "modified": "2014-03-02T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:chrony", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201402-28.NASL", "href": "https://www.tenable.com/plugins/nessus/72755", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201402-28.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72755);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-4502\", \"CVE-2012-4503\");\n script_bugtraq_id(61700, 61703);\n script_xref(name:\"GLSA\", value:\"201402-28\");\n\n script_name(english:\"GLSA-201402-28 : Chrony: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201402-28\n(Chrony: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chrony. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly cause a Denial of Service condition by\n sending specially crafted packets.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201402-28\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Chrony users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/chrony-1.29'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chrony\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/chrony\", unaffected:make_list(\"ge 1.29\"), vulnerable:make_list(\"le 1.29\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chrony\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:10:59", "description": "This update fixes two security vulnerabilities: a crash when\nprocessing crafted commands (CVE-2012-4502) and uninitialized data\nsent in command replies (CVE-2012-4503).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-08-15T00:00:00", "title": "Fedora 18 : chrony-1.29-1.fc18 (2013-14539)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4502", "CVE-2012-4503"], "modified": "2013-08-15T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:chrony"], "id": "FEDORA_2013-14539.NASL", "href": "https://www.tenable.com/plugins/nessus/69365", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-14539.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69365);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-4502\", \"CVE-2012-4503\");\n script_xref(name:\"FEDORA\", value:\"2013-14539\");\n\n script_name(english:\"Fedora 18 : chrony-1.29-1.fc18 (2013-14539)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes two security vulnerabilities: a crash when\nprocessing crafted commands (CVE-2012-4502) and uninitialized data\nsent in command replies (CVE-2012-4503).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=846392\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114020.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?84bee3d0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chrony package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chrony\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"chrony-1.29-1.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chrony\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T09:48:08", "description": "Florian Weimer discovered two security problems in the Chrony time\nsynchronisation software (buffer overflows and use of uninitialised\ndata in command replies).", "edition": 16, "published": "2013-09-19T00:00:00", "title": "Debian DSA-2760-1 : chrony - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4502", "CVE-2012-4503"], "modified": "2013-09-19T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:chrony"], "id": "DEBIAN_DSA-2760.NASL", "href": "https://www.tenable.com/plugins/nessus/69960", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2760. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69960);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-4502\", \"CVE-2012-4503\");\n script_bugtraq_id(61700, 61703);\n script_xref(name:\"DSA\", value:\"2760\");\n\n script_name(english:\"Debian DSA-2760-1 : chrony - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Florian Weimer discovered two security problems in the Chrony time\nsynchronisation software (buffer overflows and use of uninitialised\ndata in command replies).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/chrony\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2760\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chrony packages.\n\nFor the oldstable distribution (squeeze), these problems will be fixed\nsoon in 1.24-3+squeeze1 (due to a technical restriction in the archive\nprocessing scripts the two updates cannot be released together).\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 1.24-3.1+deb7u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chrony\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"chrony\", reference:\"1.24-3.1+deb7u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:10:59", "description": "This update fixes two security vulnerabilities: a crash when\nprocessing crafted commands (CVE-2012-4502) and uninitialized data\nsent in command replies (CVE-2012-4503).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-08-12T00:00:00", "title": "Fedora 19 : chrony-1.29-1.fc19 (2013-14549)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4502", "CVE-2012-4503"], "modified": "2013-08-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:chrony"], "id": "FEDORA_2013-14549.NASL", "href": "https://www.tenable.com/plugins/nessus/69302", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-14549.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69302);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-4502\", \"CVE-2012-4503\");\n script_bugtraq_id(61700, 61703);\n script_xref(name:\"FEDORA\", value:\"2013-14549\");\n\n script_name(english:\"Fedora 19 : chrony-1.29-1.fc19 (2013-14549)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes two security vulnerabilities: a crash when\nprocessing crafted commands (CVE-2012-4502) and uninitialized data\nsent in command replies (CVE-2012-4503).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=846392\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-August/113878.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6b68c3c4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chrony package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chrony\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: 
\"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"chrony-1.29-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chrony\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T12:06:26", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has chrony packages installed that are affected by\nmultiple vulnerabilities:\n\n - Multiple integer overflows in pktlength.c in Chrony\n before 1.29 allow remote attackers to cause a denial of\n service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED\n or (2) REQ_CLIENT_ACCESSES command request to the\n PKL_CommandLength function or crafted (3)\n RPY_SUBNETS_ACCESSED, (4) RPY_CLIENT_ACCESSES, (5)\n RPY_CLIENT_ACCESSES_BY_INDEX, or (6) RPY_MANUAL_LIST\n command reply to the PKL_ReplyLength function, which\n triggers an out-of-bounds read or buffer overflow. NOTE:\n versions 1.27 and 1.28 do not require authentication to\n exploit. 
(CVE-2012-4502)\n\n - cmdmon.c in Chrony before 1.29 allows remote attackers\n to obtain potentially sensitive information from stack\n memory via vectors related to (1) an invalid subnet in a\n RPY_SUBNETS_ACCESSED command to the\n handle_subnets_accessed function or (2) a\n RPY_CLIENT_ACCESSES command to the\n handle_client_accesses function when client logging is\n disabled, which causes uninitialized data to be included\n in a reply. (CVE-2012-4503)\n\n - Chrony before 1.29.1 has traffic amplification in cmdmon\n protocol (CVE-2014-0021)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 5, "cvss3": {}, "published": "2020-05-27T00:00:00", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : chrony Multiple Vulnerabilities (NS-SA-2020-0027)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4502", "CVE-2014-0021", "CVE-2012-4503"], "modified": "2020-05-27T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0027_CHRONY.NASL", "href": "https://www.tenable.com/plugins/nessus/136904", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0027. 
The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136904);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-4502\", \"CVE-2012-4503\", \"CVE-2014-0021\");\n script_bugtraq_id(61700, 61703, 65035);\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : chrony Multiple Vulnerabilities (NS-SA-2020-0027)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has chrony packages installed that are affected by\nmultiple vulnerabilities:\n\n - Multiple integer overflows in pktlength.c in Chrony\n before 1.29 allow remote attackers to cause a denial of\n service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED\n or (2) REQ_CLIENT_ACCESSES command request to the\n PKL_CommandLength function or crafted (3)\n RPY_SUBNETS_ACCESSED, (4) RPY_CLIENT_ACCESSES, (5)\n RPY_CLIENT_ACCESSES_BY_INDEX, or (6) RPY_MANUAL_LIST\n command reply to the PKL_ReplyLength function, which\n triggers an out-of-bounds read or buffer overflow. NOTE:\n versions 1.27 and 1.28 do not require authentication to\n exploit. (CVE-2012-4502)\n\n - cmdmon.c in Chrony before 1.29 allows remote attackers\n to obtain potentially sensitive information from stack\n memory via vectors related to (1) an invalid subnet in a\n RPY_SUBNETS_ACCESSED command to the\n handle_subnets_accessed function or (2) a\n RPY_CLIENT_ACCESSES command to the\n handle_client_accesses function when client logging is\n disabled, which causes uninitialized data to be included\n in a reply. 
(CVE-2012-4503)\n\n - Chrony before 1.29.1 has traffic amplification in cmdmon\n protocol (CVE-2014-0021)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0027\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL chrony packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-4503\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"chrony-3.2-2.el7.cgslv5.0.1.g29cef58\",\n \"chrony-debuginfo-3.2-2.el7.cgslv5.0.1.g29cef58\"\n ],\n \"CGSL MAIN 5.04\": [\n \"chrony-3.2-2.el7.cgslv5.0.1.g29cef58\",\n \"chrony-debuginfo-3.2-2.el7.cgslv5.0.1.g29cef58\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chrony\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-11T11:58:24", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has chrony packages installed that are affected by\nmultiple vulnerabilities:\n\n - Multiple integer 
overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial\n of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command request to\n the PKL_CommandLength function or crafted (3) RPY_SUBNETS_ACCESSED, (4) RPY_CLIENT_ACCESSES, (5)\n RPY_CLIENT_ACCESSES_BY_INDEX, or (6) RPY_MANUAL_LIST command reply to the PKL_ReplyLength function, which\n triggers an out-of-bounds read or buffer overflow. NOTE: versions 1.27 and 1.28 do not require\n authentication to exploit. (CVE-2012-4502)\n\n - cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from\n stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to the\n handle_subnets_accessed function or (2) a RPY_CLIENT_ACCESSES command to the handle_client_accesses\n function when client logging is disabled, which causes uninitialized data to be included in a reply.\n (CVE-2012-4503)\n\n - Chrony before 1.29.1 has traffic amplification in cmdmon protocol (CVE-2014-0021)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {}, "published": "2020-12-09T00:00:00", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : chrony Multiple Vulnerabilities (NS-SA-2020-0112)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4502", "CVE-2014-0021", "CVE-2012-4503"], "modified": "2020-12-09T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0112_CHRONY.NASL", "href": "https://www.tenable.com/plugins/nessus/143974", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0112. 
The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143974);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/10\");\n\n script_cve_id(\"CVE-2012-4502\", \"CVE-2012-4503\", \"CVE-2014-0021\");\n script_bugtraq_id(61700, 61703, 65035);\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : chrony Multiple Vulnerabilities (NS-SA-2020-0112)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has chrony packages installed that are affected by\nmultiple vulnerabilities:\n\n - Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial\n of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command request to\n the PKL_CommandLength function or crafted (3) RPY_SUBNETS_ACCESSED, (4) RPY_CLIENT_ACCESSES, (5)\n RPY_CLIENT_ACCESSES_BY_INDEX, or (6) RPY_MANUAL_LIST command reply to the PKL_ReplyLength function, which\n triggers an out-of-bounds read or buffer overflow. NOTE: versions 1.27 and 1.28 do not require\n authentication to exploit. 
(CVE-2012-4502)\n\n - cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from\n stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to the\n handle_subnets_accessed function or (2) a RPY_CLIENT_ACCESSES command to the handle_client_accesses\n function when client logging is disabled, which causes uninitialized data to be included in a reply.\n (CVE-2012-4503)\n\n - Chrony before 1.29.1 has traffic amplification in cmdmon protocol (CVE-2014-0021)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0112\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL chrony packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-4503\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.05': [\n 'chrony-3.2-2.el7.cgslv5_5',\n 'chrony-debuginfo-3.2-2.el7.cgslv5_5'\n ],\n 'CGSL MAIN 5.05': [\n 'chrony-3.2-2.el7.cgslv5_5',\n 'chrony-debuginfo-3.2-2.el7.cgslv5_5'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chrony');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4502", "CVE-2012-4503"], "description": "A client/server for the Network Time Protocol, this program keeps your computer's clock accurate. 
It was specially designed to support systems with intermittent internet connections, but it also works well in permanently connected environments. It can also use hardware reference clocks, the system real-time clock, or manual input as time references. ", "modified": "2013-08-15T02:51:45", "published": "2013-08-15T02:51:45", "id": "FEDORA:4CBBC21B43", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: chrony-1.29-1.fc18", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4502", "CVE-2012-4503"], "description": "A client/server for the Network Time Protocol, this program keeps your computer's clock accurate. It was specially designed to support systems with intermittent internet connections, but it also works well in permanently connected environments. It can also use hardware reference clocks, the system real-time clock, or manual input as time references. ", "modified": "2013-08-11T18:32:58", "published": "2013-08-11T18:32:58", "id": "FEDORA:695C02165A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: chrony-1.29-1.fc19", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4502", "CVE-2012-4503", "CVE-2014-0021"], "description": "A client/server for the Network Time Protocol, this program keeps your computer's clock accurate. It was specially designed to support systems with intermittent internet connections, but it also works well in permanently connected environments. It can also use hardware reference clocks, the system real-time clock, or manual input as time references. ", "modified": "2014-02-20T00:47:04", "published": "2014-02-20T00:47:04", "id": "FEDORA:CD5B8228AD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: chrony-1.29.1-1.fc19", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}