{"cve": [{"lastseen": "2016-09-03T13:27:38", "bulletinFamily": "NVD", "description": "chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service (disk consumption) via a large number of invalid packets.", "modified": "2010-02-09T00:00:00", "published": "2010-02-08T15:30:01", "id": "CVE-2010-0294", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0294", "title": "CVE-2010-0294", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-03T13:27:35", "bulletinFamily": "NVD", "description": "The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony before 1.23.1, and 1.24-pre1, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a spoofed cmdmon packet that triggers a continuous exchange of NOHOSTACCESS messages between two daemons, a related issue to CVE-2009-3563.", "modified": "2010-02-09T00:00:00", "published": "2010-02-08T15:30:00", "id": "CVE-2010-0292", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0292", "title": "CVE-2010-0292", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-03T13:27:37", "bulletinFamily": "NVD", "description": "The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets.", "modified": "2010-02-09T00:00:00", "published": "2010-02-08T15:30:01", "id": "CVE-2010-0293", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0293", "title": "CVE-2010-0293", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-01-22T13:06:07", "bulletinFamily": "scanner", "description": "Check for the Version of chrony", "modified": "2018-01-22T00:00:00", "published": "2010-03-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861688", "id": "OPENVAS:1361412562310861688", "title": "Fedora Update for chrony FEDORA-2010-1539", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for chrony FEDORA-2010-1539\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"chrony on Fedora 12\";\ntag_insight = \"A client/server for the Network Time Protocol, this program keeps your\n computer's clock accurate. It was specially designed to support\n systems with dial-up Internet connections, and also supports computers\n in permanently connected environments.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034887.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861688\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-1539\");\n script_cve_id(\"CVE-2010-0292\", \"CVE-2010-0293\", \"CVE-2010-0294\");\n script_name(\"Fedora Update for chrony FEDORA-2010-1539\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of chrony\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"chrony\", rpm:\"chrony~1.23~8.20081106gitbe42b4.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:20", "bulletinFamily": "scanner", "description": "Check for the Version of chrony", "modified": "2017-12-28T00:00:00", "published": "2010-03-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861723", "id": "OPENVAS:1361412562310861723", "title": "Fedora Update for chrony FEDORA-2010-1536", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for chrony FEDORA-2010-1536\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"chrony on Fedora 11\";\ntag_insight = \"A client/server for the Network Time Protocol, this program keeps your\n computer's clock accurate. It was specially designed to support\n systems with dial-up Internet connections, and also supports computers\n in permanently connected environments.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034877.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861723\");\n script_version(\"$Revision: 8254 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 08:29:05 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-1536\");\n script_cve_id(\"CVE-2010-0292\", \"CVE-2010-0293\", \"CVE-2010-0294\");\n script_name(\"Fedora Update for chrony FEDORA-2010-1536\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of chrony\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"chrony\", rpm:\"chrony~1.23~6.20081106gitbe42b4.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:47", "bulletinFamily": "scanner", "description": "Check for the Version of chrony", "modified": "2017-12-22T00:00:00", "published": "2010-03-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861688", "id": "OPENVAS:861688", "title": "Fedora Update for chrony FEDORA-2010-1539", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for chrony FEDORA-2010-1539\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"chrony on Fedora 12\";\ntag_insight = \"A client/server for the Network Time Protocol, this program keeps your\n computer's clock accurate. It was specially designed to support\n systems with dial-up Internet connections, and also supports computers\n in permanently connected environments.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034887.html\");\n script_id(861688);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-1539\");\n script_cve_id(\"CVE-2010-0292\", \"CVE-2010-0293\", \"CVE-2010-0294\");\n script_name(\"Fedora Update for chrony FEDORA-2010-1539\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of chrony\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"chrony\", rpm:\"chrony~1.23~8.20081106gitbe42b4.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-14T11:48:35", "bulletinFamily": "scanner", "description": "Check for the Version of chrony", "modified": "2017-12-14T00:00:00", "published": "2010-03-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861723", "id": "OPENVAS:861723", "title": "Fedora Update for chrony FEDORA-2010-1536", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for chrony FEDORA-2010-1536\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"chrony on Fedora 11\";\ntag_insight = \"A client/server for the Network Time Protocol, this program keeps your\n computer's clock accurate. It was specially designed to support\n systems with dial-up Internet connections, and also supports computers\n in permanently connected environments.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034877.html\");\n script_id(861723);\n script_version(\"$Revision: 8109 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-1536\");\n script_cve_id(\"CVE-2010-0292\", \"CVE-2010-0293\", \"CVE-2010-0294\");\n script_name(\"Fedora Update for chrony FEDORA-2010-1536\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of chrony\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"chrony\", rpm:\"chrony~1.23~6.20081106gitbe42b4.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:11", "bulletinFamily": "scanner", "description": "The remote host is missing an update to chrony\nannounced via advisory DSA 1992-1.", "modified": "2017-07-07T00:00:00", "published": "2010-02-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66809", "id": "OPENVAS:66809", "title": "Debian Security Advisory DSA 1992-1 (chrony)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1992_1.nasl 6614 2017-07-07 12:09:12Z cfischer $\n# Description: Auto-generated from advisory DSA 1992-1 (chrony)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in chrony, a pair of programs\nwhich are used to maintain the accuracy of the system clock on a computer.\nThis issues are similar to the NTP security flaw CVE-2009-3563. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2010-0292\n\nchronyd replies to all cmdmon packets with NOHOSTACCESS messages even for\nunauthorized hosts. An attacker can abuse this behaviour to force two\nchronyd instances to play packet ping-pong by sending such a packet with\nspoofed source address and port. This results in high CPU and network\nusage and thus denial of service conditions.\n\nCVE-2010-0293\n\nThe client logging facility of chronyd doesn't limit memory that is used\nto store client information. An attacker can cause chronyd to allocate\nlarge amounts of memory by sending NTP or cmdmon packets with spoofed\nsource addresses resulting in memory exhaustion.\n\nCVE-2010-0294\n\nchronyd lacks of a rate limit control to the syslog facility when logging\nreceived packets from unauthorized hosts. This allows an attacker to\ncause denial of service conditions via filling up the logs and thus disk\nspace by repeatedly sending invalid cmdmon packets.\n\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.21z-5+etch1.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.23-6+lenny1.\n\nFor the testing (squeeze) and unstable (sid) distribution, this problem\nwill be fixed soon.\n\n\nWe recommend that you upgrade your chrony packages.\";\ntag_summary = \"The remote host is missing an update to chrony\nannounced via advisory DSA 1992-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201992-1\";\n\n\nif(description)\n{\n script_id(66809);\n script_version(\"$Revision: 6614 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:12 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-10 21:51:26 +0100 (Wed, 10 Feb 2010)\");\n script_cve_id(\"CVE-2010-0292\", \"CVE-2010-0293\", \"CVE-2010-0294\", \"CVE-2009-3563\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1992-1 (chrony)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chrony\", ver:\"1.21z-5+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chrony\", ver:\"1.23-6+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-19T15:04:45", "bulletinFamily": "scanner", "description": "The remote host is missing an update to chrony\nannounced via advisory DSA 1992-1.", "modified": "2018-01-18T00:00:00", "published": "2010-02-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066809", "id": "OPENVAS:136141256231066809", "type": "openvas", "title": "Debian Security Advisory DSA 1992-1 (chrony)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1992_1.nasl 8457 2018-01-18 07:58:32Z teissa $\n# Description: Auto-generated from advisory DSA 1992-1 (chrony)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in chrony, a pair of programs\nwhich are used to maintain the accuracy of the system clock on a computer.\nThis issues are similar to the NTP security flaw CVE-2009-3563. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2010-0292\n\nchronyd replies to all cmdmon packets with NOHOSTACCESS messages even for\nunauthorized hosts. An attacker can abuse this behaviour to force two\nchronyd instances to play packet ping-pong by sending such a packet with\nspoofed source address and port. This results in high CPU and network\nusage and thus denial of service conditions.\n\nCVE-2010-0293\n\nThe client logging facility of chronyd doesn't limit memory that is used\nto store client information. An attacker can cause chronyd to allocate\nlarge amounts of memory by sending NTP or cmdmon packets with spoofed\nsource addresses resulting in memory exhaustion.\n\nCVE-2010-0294\n\nchronyd lacks of a rate limit control to the syslog facility when logging\nreceived packets from unauthorized hosts. This allows an attacker to\ncause denial of service conditions via filling up the logs and thus disk\nspace by repeatedly sending invalid cmdmon packets.\n\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.21z-5+etch1.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.23-6+lenny1.\n\nFor the testing (squeeze) and unstable (sid) distribution, this problem\nwill be fixed soon.\n\n\nWe recommend that you upgrade your chrony packages.\";\ntag_summary = \"The remote host is missing an update to chrony\nannounced via advisory DSA 1992-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201992-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66809\");\n script_version(\"$Revision: 8457 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 08:58:32 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-10 21:51:26 +0100 (Wed, 10 Feb 2010)\");\n script_cve_id(\"CVE-2010-0292\", \"CVE-2010-0293\", \"CVE-2010-0294\", \"CVE-2009-3563\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1992-1 (chrony)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chrony\", ver:\"1.21z-5+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chrony\", ver:\"1.23-6+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-01-16T20:10:22", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in chrony, a pair of\nprograms which are used to maintain the accuracy of the system clock\non a computer. This issues are similar to the NTP security flaw\nCVE-2009-3563. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2010-0292\n chronyd replies to all cmdmon packets with NOHOSTACCESS\n messages even for unauthorized hosts. An attacker can\n abuse this behaviour to force two chronyd instances to\n play packet ping-pong by sending such a packet with\n spoofed source address and port. This results in high\n CPU and network usage and thus denial of service\n conditions.\n\n - CVE-2010-0293\n The client logging facility of chronyd doesn't limit\n memory that is used to store client information. An\n attacker can cause chronyd to allocate large amounts of\n memory by sending NTP or cmdmon packets with spoofed\n source addresses resulting in memory exhaustion.\n\n - CVE-2010-0294\n chronyd lacks of a rate limit control to the syslog\n facility when logging received packets from unauthorized\n hosts. This allows an attacker to cause denial of\n service conditions via filling up the logs and thus disk\n space by repeatedly sending invalid cmdmon packets.", "modified": "2018-11-10T00:00:00", "published": "2010-02-24T00:00:00", "id": "DEBIAN_DSA-1992.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44856", "title": "Debian DSA-1992-1 : chrony - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1992. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44856);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/10 11:49:34\");\n\n script_cve_id(\"CVE-2010-0292\", \"CVE-2010-0293\", \"CVE-2010-0294\");\n script_xref(name:\"DSA\", value:\"1992\");\n\n script_name(english:\"Debian DSA-1992-1 : chrony - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in chrony, a pair of\nprograms which are used to maintain the accuracy of the system clock\non a computer. This issues are similar to the NTP security flaw\nCVE-2009-3563. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2010-0292\n chronyd replies to all cmdmon packets with NOHOSTACCESS\n messages even for unauthorized hosts. An attacker can\n abuse this behaviour to force two chronyd instances to\n play packet ping-pong by sending such a packet with\n spoofed source address and port. This results in high\n CPU and network usage and thus denial of service\n conditions.\n\n - CVE-2010-0293\n The client logging facility of chronyd doesn't limit\n memory that is used to store client information. An\n attacker can cause chronyd to allocate large amounts of\n memory by sending NTP or cmdmon packets with spoofed\n source addresses resulting in memory exhaustion.\n\n - CVE-2010-0294\n chronyd lacks of a rate limit control to the syslog\n facility when logging received packets from unauthorized\n hosts. This allows an attacker to cause denial of\n service conditions via filling up the logs and thus disk\n space by repeatedly sending invalid cmdmon packets.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-3563\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-0292\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-0293\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-0294\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-1992\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chrony packages.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.21z-5+etch1.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.23-6+lenny1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chrony\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"chrony\", reference:\"1.21z-5+etch1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"chrony\", reference:\"1.23-6+lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:10:45", "bulletinFamily": "scanner", "description": "This update fixes several vulnerabilities that can be exploited for a\nremote denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-07-12T00:00:00", "published": "2010-07-01T00:00:00", "id": "FEDORA_2010-1536.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47260", "title": "Fedora 11 : chrony-1.23-6.20081106gitbe42b4.fc11 (2010-1536)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-1536.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47260);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/07/12 15:01:51\");\n\n script_cve_id(\"CVE-2010-0292\", \"CVE-2010-0293\", \"CVE-2010-0294\");\n script_xref(name:\"FEDORA\", value:\"2010-1536\");\n\n script_name(english:\"Fedora 11 : chrony-1.23-6.20081106gitbe42b4.fc11 (2010-1536)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several vulnerabilities that can be exploited for a\nremote denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=555367\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-February/034877.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c0cff2bd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chrony package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chrony\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"chrony-1.23-6.20081106gitbe42b4.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chrony\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:10:45", "bulletinFamily": "scanner", "description": "This update fixes several vulnerabilities that can be exploited for a\nremote denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-07-12T00:00:00", "published": "2010-07-01T00:00:00", "id": "FEDORA_2010-1539.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47261", "title": "Fedora 12 : chrony-1.23-8.20081106gitbe42b4.fc12 (2010-1539)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-1539.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47261);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/07/12 15:01:51\");\n\n script_cve_id(\"CVE-2010-0292\", \"CVE-2010-0293\", \"CVE-2010-0294\");\n script_xref(name:\"FEDORA\", value:\"2010-1539\");\n\n script_name(english:\"Fedora 12 : chrony-1.23-8.20081106gitbe42b4.fc12 (2010-1539)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several vulnerabilities that can be exploited for a\nremote denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=555367\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-February/034887.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f0dc9f02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chrony package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chrony\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"chrony-1.23-8.20081106gitbe42b4.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chrony\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:13:46", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA-1992-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nFebruary 4th, 2010 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : chrony\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nDebian bug : none\nCVE ID : CVE-2010-0292 CVE-2010-0293 CVE-2010-0294\n\nSeveral vulnerabilities have been discovered in chrony, a pair of programs\nwhich are used to maintain the accuracy of the system clock on a computer.\nThis issues are similar to the NTP security flaw CVE-2009-3563. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2010-0292\n\n chronyd replies to all cmdmon packets with NOHOSTACCESS messages even for\n unauthorized hosts. An attacker can abuse this behaviour to force two\n chronyd instances to play packet ping-pong by sending such a packet with\n spoofed source address and port. This results in high CPU and network\n usage and thus denial of service conditions.\n\nCVE-2010-0293\n\n The client logging facility of chronyd doesn't limit memory that is used\n to store client information. An attacker can cause chronyd to allocate\n large amounts of memory by sending NTP or cmdmon packets with spoofed\n source addresses resulting in memory exhaustion.\n\nCVE-2010-0294\n\n chronyd lacks of a rate limit control to the syslog facility when logging\n received packets from unauthorized hosts. This allows an attacker to\n cause denial of service conditions via filling up the logs and thus disk\n space by repeatedly sending invalid cmdmon packets.\n\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.21z-5+etch1.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.23-6+lenny1.\n\nFor the testing (squeeze) and unstable (sid) distribution, this problem\nwill be fixed soon.\n\n\nWe recommend that you upgrade your chrony packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z.orig.tar.gz\n Size/MD5 checksum: 310709 84f76a73dff5a3c9e9f11f3c29a4e93b\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1.dsc\n Size/MD5 checksum: 629 41c78c176d00f2034298f0f91d9dcc7e\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1.diff.gz\n Size/MD5 checksum: 157657 aef816a20684f142795441c9d0c2c39a\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_alpha.deb\n Size/MD5 checksum: 354606 9c8d999fe33d00f7a2c7582b265ab1e8\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_amd64.deb\n Size/MD5 checksum: 337452 d87cea1f14f0834d91540f6125f53de9\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_arm.deb\n Size/MD5 checksum: 335840 06b572cf16b4331c6af3eadd62054de6\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_hppa.deb\n Size/MD5 checksum: 341488 919e32d2603bf6503be5f051b9a0111f\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_i386.deb\n Size/MD5 checksum: 328578 f5ba5a2a8e08fe6978704cea5874b222\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_ia64.deb\n Size/MD5 checksum: 383552 c904705550097e5f94305517fe83b422\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_mipsel.deb\n Size/MD5 checksum: 355940 12845d0599bef378d006f790776a4c79\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_powerpc.deb\n Size/MD5 checksum: 338000 ee2d8986bb062f6dc88ed4cd1e57966a\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_s390.deb\n Size/MD5 checksum: 335212 fb9f62d0eea41f68b5a67d0c961a8045\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_sparc.deb\n Size/MD5 checksum: 327336 872180a40677910e8010ec313eab73a8\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1.dsc\n Size/MD5 checksum: 1014 20987586fe342a0b48ebe8432f7ab9ef\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23.orig.tar.gz\n Size/MD5 checksum: 321015 ffce77695e55d8efda19ab0b78309c23\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1.diff.gz\n Size/MD5 checksum: 162829 a6d0c6c4d06b22630b00361f0c0e0e37\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_alpha.deb\n Size/MD5 checksum: 350622 cc8748f4e26828a481397c76d4b7178b\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_amd64.deb\n Size/MD5 checksum: 334714 8cdc4b9808d7eb84a901359959bd43d9\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_arm.deb\n Size/MD5 checksum: 332124 347fff466b0a11a3824f983421e4c6ad\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_armel.deb\n Size/MD5 checksum: 336222 2e8bd1a63adb1df9577f796d010e1112\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_hppa.deb\n Size/MD5 checksum: 338322 2639b0c0f98608e244bde3714bd801ae\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_i386.deb\n Size/MD5 checksum: 321778 ea5ef26c6b52ea7a1a506fae23b2a5ec\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_ia64.deb\n Size/MD5 checksum: 379862 9c3dd5b2b24ce43b2dc06d652e1802ad\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_mips.deb\n Size/MD5 checksum: 340162 c50add8cb3986c4e7b6478545aecd1c9\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_mipsel.deb\n Size/MD5 checksum: 348290 c17da54e6c6a2b66dd0fab961fdc00a1\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_powerpc.deb\n Size/MD5 checksum: 336384 8c06d057cb248e80c5de06d399dc8581\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_s390.deb\n Size/MD5 checksum: 333040 9e3cb73f7c58ff093d8e0407430af6ce\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_sparc.deb\n Size/MD5 checksum: 325458 0f9b64665e974fc06a6e976100516d7f\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2010-02-04T17:39:47", "published": "2010-02-04T17:39:47", "id": "DEBIAN:DSA-1992-1:6C7E3", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00032.html", "title": "[SECURITY] [DSA 1992-1] New chrony packages fix denial of service", "type": "debian", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:33", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- --------------------------------------------------------------------------\r\nDebian Security Advisory DSA-1992-1 security@debian.org\r\nhttp://www.debian.org/security/ Nico Golde\r\nFebruary 4th, 2010 http://www.debian.org/security/faq\r\n- --------------------------------------------------------------------------\r\n\r\nPackage : chrony\r\nVulnerability : several\r\nProblem type : remote\r\nDebian-specific: no\r\nDebian bug : none\r\nCVE ID : CVE-2010-0292 CVE-2010-0293 CVE-2010-0294\r\n\r\nSeveral vulnerabilities have been discovered in chrony, a pair of programs\r\nwhich are used to maintain the accuracy of the system clock on a computer.\r\nThis issues are similar to the NTP security flaw CVE-2009-3563. The Common\r\nVulnerabilities and Exposures project identifies the following problems:\r\n\r\nCVE-2010-0292\r\n\r\n chronyd replies to all cmdmon packets with NOHOSTACCESS messages even for\r\n unauthorized hosts. An attacker can abuse this behaviour to force two\r\n chronyd instances to play packet ping-pong by sending such a packet with\r\n spoofed source address and port. This results in high CPU and network\r\n usage and thus denial of service conditions.\r\n\r\nCVE-2010-0293\r\n\r\n The client logging facility of chronyd doesn't limit memory that is used\r\n to store client information. An attacker can cause chronyd to allocate\r\n large amounts of memory by sending NTP or cmdmon packets with spoofed\r\n source addresses resulting in memory exhaustion.\r\n\r\nCVE-2010-0294\r\n\r\n chronyd lacks of a rate limit control to the syslog facility when logging\r\n received packets from unauthorized hosts. This allows an attacker to\r\n cause denial of service conditions via filling up the logs and thus disk\r\n space by repeatedly sending invalid cmdmon packets.\r\n\r\n\r\nFor the oldstable distribution (etch), this problem has been fixed in\r\nversion 1.21z-5+etch1.\r\n\r\nFor the stable distribution (lenny), this problem has been fixed in\r\nversion 1.23-6+lenny1.\r\n\r\nFor the testing (squeeze) and unstable (sid) distribution, this problem\r\nwill be fixed soon.\r\n\r\n\r\nWe recommend that you upgrade your chrony packages.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 4.0 alias etch\r\n- -------------------------------\r\n\r\nDebian (oldstable)\r\n- ------------------\r\n\r\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z.orig.tar.gz\r\n Size/MD5 checksum: 310709 84f76a73dff5a3c9e9f11f3c29a4e93b\r\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1.dsc\r\n Size/MD5 checksum: 629 41c78c176d00f2034298f0f91d9dcc7e\r\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1.diff.gz\r\n Size/MD5 checksum: 157657 aef816a20684f142795441c9d0c2c39a\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_alpha.deb\r\n Size/MD5 checksum: 354606 9c8d999fe33d00f7a2c7582b265ab1e8\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_amd64.deb\r\n Size/MD5 checksum: 337452 d87cea1f14f0834d91540f6125f53de9\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_arm.deb\r\n Size/MD5 checksum: 335840 06b572cf16b4331c6af3eadd62054de6\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_hppa.deb\r\n Size/MD5 checksum: 341488 919e32d2603bf6503be5f051b9a0111f\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_i386.deb\r\n Size/MD5 checksum: 328578 f5ba5a2a8e08fe6978704cea5874b222\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_ia64.deb\r\n Size/MD5 checksum: 383552 c904705550097e5f94305517fe83b422\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_mipsel.deb\r\n Size/MD5 checksum: 355940 12845d0599bef378d006f790776a4c79\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_powerpc.deb\r\n Size/MD5 checksum: 338000 ee2d8986bb062f6dc88ed4cd1e57966a\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_s390.deb\r\n Size/MD5 checksum: 335212 fb9f62d0eea41f68b5a67d0c961a8045\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_sparc.deb\r\n Size/MD5 checksum: 327336 872180a40677910e8010ec313eab73a8\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nDebian (stable)\r\n- ---------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1.dsc\r\n Size/MD5 checksum: 1014 20987586fe342a0b48ebe8432f7ab9ef\r\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23.orig.tar.gz\r\n Size/MD5 checksum: 321015 ffce77695e55d8efda19ab0b78309c23\r\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1.diff.gz\r\n Size/MD5 checksum: 162829 a6d0c6c4d06b22630b00361f0c0e0e37\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_alpha.deb\r\n Size/MD5 checksum: 350622 cc8748f4e26828a481397c76d4b7178b\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_amd64.deb\r\n Size/MD5 checksum: 334714 8cdc4b9808d7eb84a901359959bd43d9\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_arm.deb\r\n Size/MD5 checksum: 332124 347fff466b0a11a3824f983421e4c6ad\r\n\r\narmel architecture (ARM EABI)\r\n\r\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_armel.deb\r\n Size/MD5 checksum: 336222 2e8bd1a63adb1df9577f796d010e1112\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_hppa.deb\r\n Size/MD5 checksum: 338322 2639b0c0f98608e244bde3714bd801ae\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_i386.deb\r\n Size/MD5 checksum: 321778 ea5ef26c6b52ea7a1a506fae23b2a5ec\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_ia64.deb\r\n Size/MD5 checksum: 379862 9c3dd5b2b24ce43b2dc06d652e1802ad\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_mips.deb\r\n Size/MD5 checksum: 340162 c50add8cb3986c4e7b6478545aecd1c9\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_mipsel.deb\r\n Size/MD5 checksum: 348290 c17da54e6c6a2b66dd0fab961fdc00a1\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_powerpc.deb\r\n Size/MD5 checksum: 336384 8c06d057cb248e80c5de06d399dc8581\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_s390.deb\r\n Size/MD5 checksum: 333040 9e3cb73f7c58ff093d8e0407430af6ce\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_sparc.deb\r\n Size/MD5 checksum: 325458 0f9b64665e974fc06a6e976100516d7f\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niEYEARECAAYFAktrBiUACgkQHYflSXNkfP8E8wCbBFIaDBI5zijz3mH/gGCnNrxj\r\nxHoAn3XE1HhP/CcGGFySf/w6A10lIHg/\r\n=+HgG\r\n-----END PGP SIGNATURE-----", "modified": "2010-02-05T00:00:00", "published": "2010-02-05T00:00:00", "id": "SECURITYVULNS:DOC:23182", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23182", "title": "[SECURITY] [DSA 1992-1] New chrony packages fix denial of service", "type": "securityvulns", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}]}