17 matches found
CVE-2010-0294
chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service disk consumption via a large number of invalid packets...
Configure the chronyd Service Properly
If the time server is incorrectly configured, the time of the local server may be inconsistent with that of other servers or the standard time. If time is incorrect, services that strongly depend on time synchronization, such as market transactions, may be interrupted, and attackers may exploit t...
ROS-20240704-09
Vulnerability of the chronyd daemon implementation of Network Time Protocol NTP Chrony is related to incorrect reference definition before accessing a file in /var/run/chrony directory. Exploitation the vulnerability could allow an attacker to cause a denial of service by using a specially crafte...
chrony: uninitialized pointer in cmdmon reply slots
An uninitialized pointer use flaw was found when allocating memory to save unacknowledged replies to authenticated command requests. An attacker that has the command key and is allowed to access cmdmon only localhost is allowed by default could use this flaw to crash chronyd or, possibly, execute...
chrony: Heap out of bound write in address filter
An out-of-bounds write flaw was found in the way Chrony stored certain addresses when configuring NTP or cmdmon access. An attacker that has the command key and is allowed to access cmdmon only localhost is allowed by default could use this flaw to crash chronyd or, possibly, execute arbitrary co...
CVE-2010-0294
chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service disk consumption via a large number of invalid packets...
DEBIAN-CVE-2010-0293
The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service memory consumption via spoofed 1 NTP or 2 cmdmon packets...
CVE-2010-0293
The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service memory consumption via spoofed 1 NTP or 2 cmdmon packets...
CVE-2010-0292
The readfromcmdsocket function in cmdmon.c in chronyd in Chrony before 1.23.1, and 1.24-pre1, allows remote attackers to cause a denial of service CPU and bandwidth consumption by sending a spoofed cmdmon packet that triggers a continuous exchange of NOHOSTACCESS messages between two daemons, a...
CVE-2010-0294
chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service disk consumption via a large number of invalid packets...
Sql injection
The readfromcmdsocket function in cmdmon.c in chronyd in Chrony before 1.23.1, and 1.24-pre1, allows remote attackers to cause a denial of service CPU and bandwidth consumption by sending a spoofed cmdmon packet that triggers a continuous exchange of NOHOSTACCESS messages between two daemons, a...
CVE-2010-0294
CVE-2010-0294 affects chronyd in Chrony prior to 1.23.1 (and possibly 1.24-pre1). The issue: when unauthorized cmdmon packets are received, chronyd logs a syslog entry for each packet, enabling an attacker to cause a denial of service by consuming disk space through a flood of invalid packets. Pu...
CVE-2010-0293
CVE-2010-0293 affects chronyd in Chrony prior to 1.23.1, where the client logging facility does not cap memory used for storing client information. This can allow remote attackers to exhaust memory via spoofed NTP or cmdmon packets, causing denial of service. Affected software: chronyd/Chrony bef...
CVE-2010-0294
chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service disk consumption via a large number of invalid packets...
CVE-2010-0293
The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service memory consumption via spoofed 1 NTP or 2 cmdmon packets...
CVE-2010-0292
The Chrony CVE-2010-0292 issue affects chronyd’s cmdmon path: read_from_cmd_socket in cmdmon.c allows a spoofed cmdmon packet to trigger a loop of NOHOSTACCESS messages between daemons, causing CPU and network resource exhaustion (DoS). Affected releases are Chrony before 1.23.1 and 1.24-pre1. De...
CVE-2010-0294
chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service disk consumption via a large number of invalid packets...