Debian Chrony vulnerabilities

CVE-2020-14367 [MEDIUM] CVE-2020-14367: chrony - A flaw was found in chrony versions before 3.5.1 when creating the PID file unde... A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a

CVE-2016-1567 [HIGH] CVE-2016-1567: chrony - chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of sym... chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." Scope: local bookworm: resolved (fixed in 2.2.1-1) bullseye: resolved (fixed in 2.2.1-1) forky: resolved (fixed in 2.2.1-1) sid: r

CVE-2015-1821 [MEDIUM] CVE-2015-1821: chrony - Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated u... Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2) cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the subnet remainder. Scope: local bookworm: resolved (fixed in 1.30-2)

CVE-2015-1822 [MEDIUM] CVE-2015-1822: chrony - chrony before 1.31.1 does not initialize the last "next" pointer when saving una... chrony before 1.31.1 does not initialize the last "next" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a large number of command requests. Scope: local bookworm: resolved (fixed in 1.30-2) b

CVE-2015-1853 [MEDIUM] CVE-2015-1853: chrony - chrony before 1.31.1 does not properly protect state variables in authenticated ... chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets. Scope: local bookworm: resolved (fixed in 1.30-2) bullseye: resolved (fixed in 1.30-2) forky:

CVE-2014-0021 [HIGH] CVE-2014-0021: chrony - Chrony before 1.29.1 has traffic amplification in cmdmon protocol Chrony before 1.29.1 has traffic amplification in cmdmon protocol Scope: local bookworm: resolved (fixed in 1.29.1-1) bullseye: resolved (fixed in 1.29.1-1) forky: resolved (fixed in 1.29.1-1) sid: resolved (fixed in 1.29.1-1) trixie: resolved (fixed in 1.29.1-1)

CVE-2012-4502 [MEDIUM] CVE-2012-4502: chrony - Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote att... Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command request to the PKL_CommandLength function or crafted (3) RPY_SUBNETS_ACCESSED, (4) RPY_CLIENT_ACCESSES, (5) RPY_CLIENT_ACCESSES_BY_INDEX, or (6) RPY_MANUAL_LIST command re

CVE-2012-4503 [MEDIUM] CVE-2012-4503: chrony - cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sen... cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to the handle_subnets_accessed function or (2) a RPY_CLIENT_ACCESSES command to the handle_client_accesses function when client logging is disabled, which causes uninitializ

CVE-2010-0292 [MEDIUM] CVE-2010-0292: chrony - The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony before 1.23.1... The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony before 1.23.1, and 1.24-pre1, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a spoofed cmdmon packet that triggers a continuous exchange of NOHOSTACCESS messages between two daemons, a related issue to CVE-2009-3563. Scope: local bookworm: resolved (fix

CVE-2010-0294 [MEDIUM] CVE-2010-0294: chrony - chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog mess... chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service (disk consumption) via a large number of invalid packets. Scope: local bookworm: resolved (fixed in 1.23-7) bullseye: resolved (fixed in 1.23-7) forky: resolved (fixed in 1.23-7) sid: resol

CVE-2010-0293 [MEDIUM] CVE-2010-0293: chrony - The client logging functionality in chronyd in Chrony before 1.23.1 does not res... The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets. Scope: local bookworm: resolved (fixed in 1.23-7) bullseye: resolved (fixed in 1.23-7) forky: resol