ID CVE-2010-0293
Summary The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets.
References
Vulnerable Configurations
  • cpe:2.3:a:tuxfamily:chrony:1.18:*:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.19:*:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.19-1:*:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.19.99.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.19.99.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.19.99.3:*:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.20:*:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.21:*:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.21-pre1:*:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.21:pre1:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.23:*:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.23:pre1:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.24-pre1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 09-02-2010 - 05:00)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 38106
confirm
debian DSA-1992
secunia
  • 38428
  • 38480
Last major update 09-02-2010 - 05:00
Published 08-02-2010 - 20:30
Last modified 09-02-2010 - 05:00