Computer Security


chrony multiple security vulnerabilities
Published: 17.04.2015
Source:
SecurityVulns ID: 14400
Type: remote
Threat Level: 6/10
Description: Memory corruption, uninitialized pointer dereference, DoS.
Affected: CHRONY : chrony 1.30
CVE: CVE-2015-1853
 CVE-2015-1822 (chrony before 1.31.1 does not initialize the last "next" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a large number of command requests.)
 CVE-2015-1821 (Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2) cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the subnet remainder.)
Original document: DEBIAN, [SECURITY] [DSA 3222-1] chrony security update (17.04.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod