31 matches found
CVE-2010-0294
chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service disk consumption via a large number of invalid packets...
EUVD-2010-0324
Malware in sbrugna...
EUVD-2010-0323
Malware in sbrugna...
EUVD-2007-0706
Malware in sbrugna...
EUVD-2014-0122
Malware in sbrugna...
CVE-2010-0292
The readfromcmdsocket function in cmdmon.c in chronyd in Chrony before 1.23.1, and 1.24-pre1, allows remote attackers to cause a denial of service CPU and bandwidth consumption by sending a spoofed cmdmon packet that triggers a continuous exchange of NOHOSTACCESS messages between two daemons, a...
SUSE CVE-2014-0021
Chrony before 1.29.1 has traffic amplification in cmdmon protocol...
NewStart CGSL CORE 5.04 / MAIN 5.04 : chrony Multiple Vulnerabilities (NS-SA-2020-0027)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has chrony packages installed that are affected by multiple vulnerabilities: - Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service crash via a crafted 1...
CVE-2014-0021
Chrony before 1.29.1 has traffic amplification in cmdmon protocol...
DEBIAN-CVE-2014-0021
Chrony before 1.29.1 has traffic amplification in cmdmon protocol...
UBUNTU-CVE-2014-0021
Chrony before 1.29.1 has traffic amplification in cmdmon protocol...
CVE-2014-0021
Chrony before 1.29.1 is vulnerable to a traffic amplification issue in the cmdmon protocol (CVE-2014-0021). The flaw allows an attacker to exploit chronyd over the network, potentially abusing the protocol’s cmdmon handling. Public records across OSV and Nessus references affirm this CVE affectin...
CVE-2014-0021
Chrony before 1.29.1 has traffic amplification in cmdmon protocol...
Amazon Linux AMI : chrony (ALAS-2015-539)
As reported upstream : When NTP or cmdmon access was configured from chrony.conf or via authenticated cmdmon with a subnet size that is indivisible by 4 and an address that has nonzero bits in the 4-bit subnet remainder e.g. 192.168.15.0/22 or f000::/3, the new setting was written to an incorrect...
CVE-2015-1821
Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service chronyd crash or possibly execute arbitrary code by configuring the 1 NTP or 2 cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the...
CVE-2015-1821
Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service chronyd crash or possibly execute arbitrary code by configuring the 1 NTP or 2 cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the...
UBUNTU-CVE-2015-1821
Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service chronyd crash or possibly execute arbitrary code by configuring the 1 NTP or 2 cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the...
CVE-2015-1821
Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service chronyd crash or possibly execute arbitrary code by configuring the 1 NTP or 2 cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the...
CVE-2015-1821
Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service chronyd crash or possibly execute arbitrary code by configuring the 1 NTP or 2 cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the...
CVE-2015-1821
CVE-2015-1821 affects the chrony project (chronyd/chronyc). The issue is an out-of-bounds write flaw in how chrony stores certain addresses when configuring NTP or cmdmon access, triggered by a subnet size not divisible by four and an address with a nonzero bit in the subnet remainder. This can a...