5

CVE-2010-0292

The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony before 1.23.1, and 1.24-pre1, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a spoofed cmdmon packet that triggers a continuous exchange of NOHOSTACCESS messages between two daemons, a related issue to CVE-2009-3563.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TuxfamilyChrony Version <= 1.23-pre1
TuxfamilyChrony Version1.18
TuxfamilyChrony Version1.19
TuxfamilyChrony Version1.19-1
TuxfamilyChrony Version1.19.99.1
TuxfamilyChrony Version1.19.99.2
TuxfamilyChrony Version1.19.99.3
TuxfamilyChrony Version1.20
TuxfamilyChrony Version1.21
TuxfamilyChrony Version1.21-pre1
TuxfamilyChrony Version1.24-pre1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.76% 0.751
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://chrony.tuxfamily.org/News.html
Vendor Advisory
http://git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git%3Ba=commit%3Bh=7864c7a70ce00369194e734eb2842ecc5f8db531
http://secunia.com/advisories/38428
Vendor Advisory
http://secunia.com/advisories/38480
Vendor Advisory
http://www.debian.org/security/2010/dsa-1992
http://www.securityfocus.com/bid/38106
Patch
https://bugzilla.redhat.com/show_bug.cgi?id=555367