ALT-PU-2014-1267-1
Closed vulnerabilities
Modified: 2025-04-11
CVE-2012-4502
Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command request to the PKL_CommandLength function or crafted (3) RPY_SUBNETS_ACCESSED, (4) RPY_CLIENT_ACCESSES, (5) RPY_CLIENT_ACCESSES_BY_INDEX, or (6) RPY_MANUAL_LIST command reply to the PKL_ReplyLength function, which triggers an out-of-bounds read or buffer overflow. NOTE: versions 1.27 and 1.28 do not require authentication to exploit.
- http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git%3Ba=commitdiff%3Bh=7712455d9aa33d0db0945effaa07e900b85987b1
- http://permalink.gmane.org/gmane.comp.time.chrony.announce/15
- http://seclists.org/oss-sec/2013/q3/332
- http://www.debian.org/security/2013/dsa-2760
- https://bugzilla.redhat.com/show_bug.cgi?id=846392
- http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git%3Ba=commitdiff%3Bh=7712455d9aa33d0db0945effaa07e900b85987b1
- http://permalink.gmane.org/gmane.comp.time.chrony.announce/15
- http://seclists.org/oss-sec/2013/q3/332
- http://www.debian.org/security/2013/dsa-2760
- https://bugzilla.redhat.com/show_bug.cgi?id=846392
Modified: 2025-04-11
CVE-2012-4503
cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to the handle_subnets_accessed function or (2) a RPY_CLIENT_ACCESSES command to the handle_client_accesses function when client logging is disabled, which causes uninitialized data to be included in a reply.
- http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git%3Ba=commitdiff%3Bh=c6fdeeb6bb0b17dc28c19ae492c4a1c498e54ea3
- http://permalink.gmane.org/gmane.comp.time.chrony.announce/15
- http://seclists.org/oss-sec/2013/q3/332
- http://www.debian.org/security/2013/dsa-2760
- https://bugzilla.redhat.com/show_bug.cgi?id=846392
- http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git%3Ba=commitdiff%3Bh=c6fdeeb6bb0b17dc28c19ae492c4a1c498e54ea3
- http://permalink.gmane.org/gmane.comp.time.chrony.announce/15
- http://seclists.org/oss-sec/2013/q3/332
- http://www.debian.org/security/2013/dsa-2760
- https://bugzilla.redhat.com/show_bug.cgi?id=846392
Modified: 2024-11-21
CVE-2014-0021
Chrony before 1.29.1 has traffic amplification in cmdmon protocol
- http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127837.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128753.html
- http://www.openwall.com/lists/oss-security/2014/01/17/9
- http://www.openwall.com/lists/oss-security/2014/01/18/1
- http://www.openwall.com/lists/oss-security/2014/01/18/2
- http://www.openwall.com/lists/oss-security/2014/01/18/3
- http://www.openwall.com/lists/oss-security/2014/01/19/1
- http://www.securityfocus.com/bid/65035
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0021
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90925
- https://security-tracker.debian.org/tracker/CVE-2014-0021
- http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127837.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128753.html
- http://www.openwall.com/lists/oss-security/2014/01/17/9
- http://www.openwall.com/lists/oss-security/2014/01/18/1
- http://www.openwall.com/lists/oss-security/2014/01/18/2
- http://www.openwall.com/lists/oss-security/2014/01/18/3
- http://www.openwall.com/lists/oss-security/2014/01/19/1
- http://www.securityfocus.com/bid/65035
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0021
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90925
- https://security-tracker.debian.org/tracker/CVE-2014-0021