31 matches found
CVE-2010-0294
chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service disk consumption via a large number of invalid packets...
EUVD-2010-0324
Malware in sbrugna...
EUVD-2007-0706
Malware in sbrugna...
EUVD-2014-0122
Malware in sbrugna...
EUVD-2010-0323
Malware in sbrugna...
CVE-2010-0292
The readfromcmdsocket function in cmdmon.c in chronyd in Chrony before 1.23.1, and 1.24-pre1, allows remote attackers to cause a denial of service CPU and bandwidth consumption by sending a spoofed cmdmon packet that triggers a continuous exchange of NOHOSTACCESS messages between two daemons, a...
SUSE CVE-2014-0021
Chrony before 1.29.1 has traffic amplification in cmdmon protocol...
NewStart CGSL CORE 5.04 / MAIN 5.04 : chrony Multiple Vulnerabilities (NS-SA-2020-0027)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has chrony packages installed that are affected by multiple vulnerabilities: - Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service crash via a crafted 1...
CVE-2014-0021
Chrony before 1.29.1 has traffic amplification in cmdmon protocol...
DEBIAN-CVE-2014-0021
Chrony before 1.29.1 has traffic amplification in cmdmon protocol...
UBUNTU-CVE-2014-0021
Chrony before 1.29.1 has traffic amplification in cmdmon protocol...
CVE-2014-0021
Chrony before 1.29.1 has traffic amplification in cmdmon protocol...
CVE-2014-0021
Chrony before 1.29.1 is vulnerable to a traffic amplification issue in the cmdmon protocol (CVE-2014-0021). The flaw allows an attacker to exploit chronyd over the network, potentially abusing the protocol’s cmdmon handling. Public records across OSV and Nessus references affirm this CVE affectin...
Amazon Linux AMI : chrony (ALAS-2015-539)
As reported upstream : When NTP or cmdmon access was configured from chrony.conf or via authenticated cmdmon with a subnet size that is indivisible by 4 and an address that has nonzero bits in the 4-bit subnet remainder e.g. 192.168.15.0/22 or f000::/3, the new setting was written to an incorrect...
CVE-2015-1821
Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service chronyd crash or possibly execute arbitrary code by configuring the 1 NTP or 2 cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the...
UBUNTU-CVE-2015-1821
Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service chronyd crash or possibly execute arbitrary code by configuring the 1 NTP or 2 cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the...
CVE-2015-1821
Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service chronyd crash or possibly execute arbitrary code by configuring the 1 NTP or 2 cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the...
CVE-2015-1821
Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service chronyd crash or possibly execute arbitrary code by configuring the 1 NTP or 2 cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the...
CVE-2015-1821
Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service chronyd crash or possibly execute arbitrary code by configuring the 1 NTP or 2 cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the...
CVE-2015-1821
CVE-2015-1821 affects the chrony project (chronyd/chronyc). The issue is an out-of-bounds write flaw in how chrony stores certain addresses when configuring NTP or cmdmon access, triggered by a subnet size not divisible by four and an address with a nonzero bit in the subnet remainder. This can a...