Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 480364 (CVE-2012-4502) - <net-misc/chrony-1.29: Two vulnerabilities (CVE-2012-{4502,4503})
Summary: <net-misc/chrony-1.29: Two vulnerabilities (CVE-2012-{4502,4503})
Alias: CVE-2012-4502
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa]
Depends on:
Blocks: unit-in-stable
  Show dependency tree
Reported: 2013-08-09 12:49 UTC by Agostino Sarubbo
Modified: 2014-02-28 10:19 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-08-09 12:49:19 UTC
From ${URL} :

  Chrony upstream has released v1.29 version, correcting two security flaws:

* Issue #1: CVE-2012-4502: Buffer overflow when processing crafted command packets

  This issue was found by Florian Weimer of Red Hat.

  Relevant patch:;a=commitdiff;h=7712455d9aa33d0db0945effaa07e900b85987b1
  Red Hat bug:

* Issue #2: CVE-2012-4503: Uninitialized data in command replies

  This issue was found by Miroslav Lichvar of Red Hat.
  Relevant patch:;a=commitdiff;h=c6fdeeb6bb0b17dc28c19ae492c4a1c498e54ea3
  Red Hat bug:

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2013-08-09 15:10:36 UTC
Arch teams, please test and mark stable:
Targeted stable KEYWORDS : amd64 hppa ppc sparc x86
Comment 2 Agostino Sarubbo gentoo-dev 2013-08-10 12:08:16 UTC
ppc stable
Comment 3 Agostino Sarubbo gentoo-dev 2013-08-10 13:20:44 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2013-08-10 13:21:32 UTC
x86 stable
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2013-08-11 13:27:46 UTC
Stable for HPPA.
Comment 6 Agostino Sarubbo gentoo-dev 2013-08-28 12:10:19 UTC
sparc stable
Comment 7 Sergey Popov gentoo-dev 2013-08-30 10:08:38 UTC
Thanks for your work

New GLSA request filed
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2013-11-27 10:29:19 UTC
CVE-2012-4503 (
  cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially
  sensitive information from stack memory via vectors related to (1) an
  invalid subnet in a RPY_SUBNETS_ACCESSED command to the
  handle_subnets_accessed function or (2) a RPY_CLIENT_ACCESSES command to the
  handle_client_accesses function when client logging is disabled, which
  causes uninitialized data to be included in a reply.

CVE-2012-4502 (
  Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote
  attackers to cause a denial of service (crash) via a crafted (1)
  REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command request to the
  PKL_CommandLength function or crafted (3) RPY_SUBNETS_ACCESSED, (4)
  RPY_MANUAL_LIST command reply to the PKL_ReplyLength function, which
  triggers an out-of-bounds read or buffer overflow.  NOTE: versions 1.27 and
  1.28 do not require authentication to exploit.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2014-02-28 10:19:59 UTC
This issue was resolved and addressed in
 GLSA 201402-28 at
by GLSA coordinator Sergey Popov (pinkbyte).