Bug 308037 - net-misc/chrony: DOS (CVE-2010-0292)
Summary: net-misc/chrony: DOS (CVE-2010-0292)
Status: RESOLVED DUPLICATE of bug 307757
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B3? [ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2010-03-06 15:23 UTC by Stefan Behte (RETIRED)
Modified: 2010-03-15 10:04 UTC

See Also:
Package list:
Runtime testing required: ---


Description Stefan Behte (RETIRED) gentoo-dev Security 2010-03-06 15:23:52 UTC
CVE-2010-0292 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0292):
  The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony
  before 1.23.1, and 1.24-pre1, allows remote attackers to cause a
  denial of service (CPU and bandwidth consumption) by sending a
  spoofed cmdmon packet that triggers a continuous exchange of
  NOHOSTACCESS messages between two daemons, a related issue to
  CVE-2009-3563.
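
A simplified model of the reply loop described in the CVE text above, added here as an illustration; it is not chrony's code or its patch. The packet fields, `handle_unauthorized`, `simulate` and the "reply only to requests" rule are assumptions made for the example, as is the premise that neither daemon lists the other as an allowed host.

```c
#include <stdio.h>

/* Constructed, simplified model: not chrony's wire format or code. */
enum pkt_type { PKT_REQUEST, PKT_REPLY };
enum status   { ST_NONE, ST_NOHOSTACCESS };

struct packet { int src; int dst; enum pkt_type type; enum status status; };

/* One daemon's handling of a packet from a host it does not allow.
 * Returns 1 and fills *out when a reply is sent, 0 when the packet is dropped. */
static int handle_unauthorized(int self, const struct packet *in,
                               struct packet *out, int reply_only_to_requests)
{
    if (reply_only_to_requests && in->type != PKT_REQUEST)
        return 0;                  /* hardened: never answer a reply */
    out->src = self;
    out->dst = in->src;            /* UDP source address is unauthenticated */
    out->type = PKT_REPLY;
    out->status = ST_NOHOSTACCESS;
    return 1;
}

/* Deliver one packet whose source claims to be daemon 0 to daemon 1, then
 * keep delivering whatever each daemon sends back, for at most max_hops.
 * Returns the number of NOHOSTACCESS replies generated. */
int simulate(enum pkt_type spoofed_type, int reply_only_to_requests, int max_hops)
{
    struct packet cur = { 0, 1, spoofed_type, ST_NONE }, next;
    int replies = 0;
    for (int hop = 0; hop < max_hops; hop++) {
        if (!handle_unauthorized(cur.dst, &cur, &next, reply_only_to_requests))
            break;                 /* loop broken: nothing left in flight */
        replies++;
        cur = next;                /* the reply becomes the peer's input */
    }
    return replies;
}

int main(void)
{
    printf("always reply:           %d replies in 1000 hops\n",
           simulate(PKT_REQUEST, 0, 1000));
    printf("reply only to requests: %d reply\n",
           simulate(PKT_REQUEST, 1, 1000));
    return 0;
}
```

In the hardened mode a single reply still reaches the claimed source, but the exchange ends there because that reply is never answered.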
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-03-06 15:24:43 UTC
As this is maintainer-needed, and I'm not a full dev yet, someone needs to bump this.
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2010-03-06 17:52:20 UTC

*** This bug has been marked as a duplicate of bug 307757 ***