
Bug 308037

Summary: net-misc/chrony: DOS (CVE-2010-0292)
Product: Gentoo Security Reporter: Stefan Behte (RETIRED) <craig>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: minor CC: maintainer-needed
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=555367
Whiteboard: B3? [ebuild]
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2010-03-06 15:23:52 UTC
CVE-2010-0292 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0292):
  The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony
  before 1.23.1, and 1.24-pre1, allows remote attackers to cause a
  denial of service (CPU and bandwidth consumption) by sending a
  spoofed cmdmon packet that triggers a continuous exchange of
  NOHOSTACCESS messages between two daemons, a related issue to
  CVE-2009-3563.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-03-06 15:24:43 UTC
As this is maintainer-needed, and I'm not a full dev yet, someone needs to bump this.
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2010-03-06 17:52:20 UTC

*** This bug has been marked as a duplicate of bug 307757 ***