Summary: | <net-misc/chrony-1.29: Two vulnerabilities (CVE-2012-{4502,4503}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | jer |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2013/08/09/4 | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 476034 |
Description
Agostino Sarubbo
2013-08-09 12:49:19 UTC
Arch teams, please test and mark stable: =net-misc/chrony-1.29 Targeted stable KEYWORDS : amd64 hppa ppc sparc x86 ppc stable amd64 stable x86 stable Stable for HPPA. sparc stable Thanks for your work New GLSA request filed CVE-2012-4503 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4503): cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to the handle_subnets_accessed function or (2) a RPY_CLIENT_ACCESSES command to the handle_client_accesses function when client logging is disabled, which causes uninitialized data to be included in a reply. CVE-2012-4502 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4502): Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command request to the PKL_CommandLength function or crafted (3) RPY_SUBNETS_ACCESSED, (4) RPY_CLIENT_ACCESSES, (5) RPY_CLIENT_ACCESSES_BY_INDEX, or (6) RPY_MANUAL_LIST command reply to the PKL_ReplyLength function, which triggers an out-of-bounds read or buffer overflow. NOTE: versions 1.27 and 1.28 do not require authentication to exploit. This issue was resolved and addressed in GLSA 201402-28 at http://security.gentoo.org/glsa/glsa-201402-28.xml by GLSA coordinator Sergey Popov (pinkbyte). |