Computer Security
[EN] securityvulns.ru no-pyccku


chrony multiple security vulnerabilities
Published:05.02.2010
Source:
SecurityVulns ID:10591
Type:remote
Threat Level:
5/10
Description:Traffic amplification, resources exhaustion.
Affected:CHRONY : chrony 1.23
CVE:CVE-2010-0294 (chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service (disk consumption) via a large number of invalid packets.)
 CVE-2010-0293 (The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets.)
 CVE-2010-0292 (The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony before 1.23.1, and 1.24-pre1, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a spoofed cmdmon packet that triggers a continuous exchange of NOHOSTACCESS messages between two daemons, a related issue to CVE-2009-3563.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 1992-1] New chrony packages fix denial of service (05.02.2010)

Apple Safari DoS
Published:05.02.2010
Source:
SecurityVulns ID:10590
Type:client
Threat Level:
4/10
Description:Memory corruption on Javascript processing.
Affected:APPLE : Safari 4.0
Original documentdocumentdavid_(at)_majorsecurity.info, [MajorSecurity Advisory #64]Apple Safari 4.0.4 Denial of Service (05.02.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod