Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 307757 (CVE-2010-0292) - <net-misc/chrony-1.24 NTP/cmdmon DoS (CVE-2010-{0292,0293,0294})
Summary: <net-misc/chrony-1.24 NTP/cmdmon DoS (CVE-2010-{0292,0293,0294})
Status: RESOLVED FIXED
Alias: CVE-2010-0292
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B3 [noglsa]
Keywords:
: 308037 (view as bug list)
Depends on:
Blocks:
 
Reported: 2010-03-04 11:46 UTC by Alex Legler (RETIRED)
Modified: 2010-04-10 10:00 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Legler (RETIRED) archtester gentoo-dev Security 2010-03-04 11:46:55 UTC 
CVE-2010-0293 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0293):
  The client logging functionality in chronyd in Chrony before 1.23.1
  does not restrict the amount of memory used for storage of client
  information, which allows remote attackers to cause a denial of
  service (memory consumption) via spoofed (1) NTP or (2) cmdmon
  packets.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-03-04 11:47:34 UTC 
CVE-2010-0294 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0294):
  chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a
  syslog message for each unauthorized cmdmon packet, which allows
  remote attackers to cause a denial of service (disk consumption) via
  a large number of invalid packets.
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2010-03-06 17:52:20 UTC 
*** Bug 308037 has been marked as a duplicate of this bug. ***
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2010-03-06 17:53:46 UTC 
CVE-2010-0292 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0292):
  The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony
  before 1.23.1, and 1.24-pre1, allows remote attackers to cause a
  denial of service (CPU and bandwidth consumption) by sending a
  spoofed cmdmon packet that triggers a continuous exchange of
  NOHOSTACCESS messages between two daemons, a related issue to
  CVE-2009-3563.
Comment 4 Torsten Veller (RETIRED) gentoo-dev 2010-03-15 09:17:47 UTC 
1.24 is in the tree now.
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2010-03-15 18:58:21 UTC 
x86 stable
Comment 6 Brent Baude (RETIRED) gentoo-dev 2010-03-23 20:02:38 UTC 
ppc done
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2010-03-24 05:45:47 UTC 
Stable for HPPA.
Comment 8 Markus Meier gentoo-dev 2010-03-29 21:42:36 UTC 
amd64 stable
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2010-04-04 19:10:17 UTC 
sparc stable
Comment 10 Torsten Veller (RETIRED) gentoo-dev 2010-04-04 19:23:45 UTC 
All arches done.
Comment 11 Stefan Behte (RETIRED) gentoo-dev Security 2010-04-09 18:04:54 UTC 
Vote: NO.
Comment 12 Tobias Heinlein (RETIRED) gentoo-dev 2010-04-10 10:00:28 UTC 
NO too, closing noglsa.