20 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-14367
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while...
ROS-2-455
2.455 Follow link in chrony CVE-2020-14367 1. Vulnerability Description: CVE-2020-14367 Vulnerability allows a remote attacker to compromise a target system due to issues with a symbolic link to a service.FSTEC Russia Information Security Threats Data Bank Identifier: BDU:2021-01809 2. Possible...
openSUSE 15 Security Update : chrony (openSUSE-SU-2022:0845-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0845-1 advisory. - A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd...
ROS-2-1182
2.1182 Follow link in chrony CVE-2020-14367 1. Vulnerability Description: CVE-2020-14367 Vulnerability allows a remote attacker to compromise a target system due to issues with a symbolic link to a service.FSTEC Russia Information Security Threats Data Bank Identifier: BDU:2021-01809 2. Possible...
ROS-2-1230
2.1230 Follow link in chrony CVE-2020-14367 1. Vulnerability Description: CVE-2020-14367 Vulnerability allows a remote attacker to compromise a target system due to issues with a symbolic link to a service.FSTEC Russia Information Security Threats Data Bank Identifier: BDU:2021-01809 2. Possible...
ROS-2-648
2.648 Follow link in chrony CVE-2020-14367 1. Vulnerability Description: CVE-2020-14367 Vulnerability allows a remote attacker to compromise a target system due to issues with a symbolic link to a service.FSTEC Russia Information Security Threats Data Bank Identifier: BDU:2021-01809 2. Possible...
EulerOS Virtualization for ARM 64 3.0.2.0 : chrony (EulerOS-SA-2021-2110)
According to the version of the chrony package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A flaw was found in chrony when creating the PID file under the /var/run/chrony folder. The file is created during chronyd...
Huawei EulerOS: Security Advisory for chrony (EulerOS-SA-2021-1429)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for chrony (EulerOS-SA-2021-1462)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for chrony (EulerOS-SA-2021-1182)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2 : chrony (ALAS-2021-1575)
The version of chrony installed on the remote host is prior to 3.5.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1575 advisory. A flaw was found in chrony when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup...
Medium: chrony
Issue Overview: A flaw was found in chrony when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name...
Huawei EulerOS: Security Advisory for chrony (EulerOS-SA-2020-2509)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for chrony (EulerOS-SA-2020-2482)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for chrony (EulerOS-SA-2020-2495)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security fix for the ALT Linux 8 package chrony version 3.5.1-alt1
3.5.1-alt1 built Sept. 4, 2020 Anton Farygin in task 256941 Aug. 26, 2020 Anton Farygin - 3.5.1 fixes: CVE-2020-14367...
Medium: chrony
Issue Overview: A flaw was found in chrony when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name...
GLSA-202008-23 : chrony: Symlink vulnerability
The remote host is affected by the vulnerability described in GLSA-202008-23 chrony: Symlink vulnerability It was found that chrony did not check whether its PID file was a symlink. Impact : A local attacker could perform symlink attacks to overwrite arbitrary files with root privileges. Workarou...
CVE-2020-14367
Chrony before 3.5.1 is vulnerable to a local symlink attack on its PID file in /var/run/chrony. During startup, the PID file is created as root and, per sources, chronyd does not check for an existing symlink with the same file name. A privileged attacker could create a symlink named chrony’s def...
MGASA-2020-0341 Updated chrony package fixes security vulnerability
Chrony's method of opening its PID file could allow a compromised chrony user account to overwrite files in certain parts of the filesystem with chrony's PID, using a symlink attack CVE-2020-14367...