CVE-2015-1821

Published: 16 April 2015

Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2) cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the subnet remainder.

From the Ubuntu security team

Miroslav Lichvár discovered a heap-based buffer overflow in chrony. A remote attacker could use this vulnerability to cause a denial of service (crash) or execute arbitrary code.

Priority

Medium

Status

Package  Release                           Status
chrony   Upstream                          Released (1.31.1)
chrony   Ubuntu 18.04 LTS (Bionic Beaver)  Not vulnerable (3.2-4ubuntu1)
chrony   Ubuntu 16.04 ESM (Xenial Xerus)   Not vulnerable (2.1.1-1)
chrony   Ubuntu 14.04 ESM (Trusty Tahr)    Released (1.29-1ubuntu0.1)
Patches:
Upstream: http://git.tuxfamily.org/chrony/chrony.git/commit/?h=1.31-security&id=cf19042ecb656b8afec0cc4906e7dd3ea9266ac8
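
A configuration audit for the condition in the description, added here as an example and not taken from chrony or the Ubuntu tracker: it flags chrony.conf access directives whose subnet size is not divisible by four and whose address has a nonzero bit in the remainder. The function names and sample file are constructed, and "subnet remainder" is assumed to mean the bits between the end of the prefix and the next 4-bit boundary.

```python
import ipaddress

# chrony.conf directives that set NTP (allow/deny) and cmdmon (cmdallow/cmddeny) access
ACCESS_DIRECTIVES = {"allow", "deny", "cmdallow", "cmddeny"}

def remainder_bits_set(spec):
    """True when the prefix length is not a multiple of 4 and the address has a
    nonzero bit between the end of the prefix and the next 4-bit boundary
    (assumed meaning of "subnet remainder")."""
    iface = ipaddress.ip_interface(spec)  # unlike ip_network, keeps bits past the prefix
    plen = iface.network.prefixlen
    rem = plen % 4
    if rem == 0:
        return False
    width = 4 - rem                                   # bits left in the partial 4-bit group
    shift = iface.ip.max_prefixlen - (plen + width)   # bits below that group
    return (int(iface.ip) >> shift) & ((1 << width) - 1) != 0

def audit(conf_text):
    """Return (line number, line) for each access directive matching the condition."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].lower() not in ACCESS_DIRECTIVES:
            continue
        args = [f for f in fields[1:] if f.lower() != "all"]
        if not args:
            continue  # bare "allow" / "deny all": no subnet given
        try:
            if remainder_bits_set(args[0]):
                findings.append((lineno, line.strip()))
        except ValueError:
            continue  # hostname or shortened address form: not checked here
    return findings

# Constructed sample configuration, not taken from any real host.
SAMPLE = "\n".join([
    "# constructed sample",
    "allow 192.168.12.0/22",
    "allow 192.168.15.0/22",
    "cmdallow all 10.1.2.0/25",
    "cmddeny 10.1.2.16/25",
    "deny 2001:db8::/32",
    "allow",
])

if __name__ == "__main__":
    for lineno, line in audit(SAMPLE):
        print(f"line {lineno}: review before running on chrony < 1.31.1: {line}")
```

The audit covers only the configuration file; access rules added at runtime through cmdmon are not visible to it, so upgrading to a fixed release remains the remedy.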