Search CVE reports
1 – 10 of 11 results
CVE-2020-14367
Medium prioritySome fixes available 11 of 13
A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing,...
1 affected package
chrony
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chrony | Fixed | Fixed | Fixed | Fixed | Vulnerable |
CVE-2015-1853
Medium prioritySome fixes available 1 of 8
chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via...
1 affected package
chrony
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chrony | — | — | — | Not affected | Not affected |
CVE-2014-0021
Low prioritySome fixes available 1 of 11
Chrony before 1.29.1 has traffic amplification in cmdmon protocol
1 affected package
chrony
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chrony | — | Not affected | Not affected | Not affected | Not affected |
CVE-2016-1567
Low prioritySome fixes available 2 of 7
chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a...
1 affected package
chrony
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chrony | — | — | — | Not affected | Fixed |
CVE-2015-1822
Medium prioritySome fixes available 1 of 8
chrony before 1.31.1 does not initialize the last "next" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and...
1 affected package
chrony
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chrony | — | — | — | Not affected | Not affected |
CVE-2015-1821
Medium prioritySome fixes available 1 of 8
Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2) cmdmon access with a subnet...
1 affected package
chrony
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chrony | — | — | — | Not affected | Not affected |
CVE-2012-4503
Low prioritycmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to the handle_subnets_accessed...
1 affected package
chrony
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chrony | — | — | — | — | Not affected |
CVE-2012-4502
Medium priorityMultiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command request to the PKL_CommandLength...
1 affected package
chrony
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chrony | — | — | — | — | Not affected |
CVE-2010-0294
Low prioritySome fixes available 3 of 5
chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service (disk consumption) via a large number of invalid packets.
1 affected package
chrony
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chrony | — | — | — | — | — |
CVE-2010-0293
Low prioritySome fixes available 3 of 5
The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service (memory consumption) via...
1 affected package
chrony
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chrony | — | — | — | — | — |