exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 3 of 3 RSS Feed

CVE-2015-1822

Status Candidate

Overview

chrony before 1.31.1 does not initialize the last "next" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a large number of command requests.

Related Files

Red Hat Security Advisory 2015-2241-03
Posted Nov 20, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2241-03 - The chrony suite, chronyd and chronyc, is an advanced implementation of the Network Time Protocol, specially designed to support systems with intermittent connections. It can synchronize the system clock with NTP servers, hardware reference clocks, and manual input. It can also operate as an NTPv4 server or peer to provide a time service to other computers in the network. An out-of-bounds write flaw was found in the way chrony stored certain addresses when configuring NTP or cmdmon access. An attacker that has the command key and is allowed to access cmdmon could use this flaw to crash chronyd or, possibly, execute arbitrary code with the privileges of the chronyd process.

tags | advisory, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2015-1821, CVE-2015-1822, CVE-2015-1853
SHA-256 | 9dcd1e723bb8317bbfc69f9f7175740614fd51f6bffa6bfacdfedd26b82d3eb2
Gentoo Linux Security Advisory 201507-01
Posted Jul 6, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201507-1 - Multiple vulnerabilities have been found in chrony, the worst of which can cause arbitrary code execution. Versions less than 1.31.1 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2015-1821, CVE-2015-1822, CVE-2015-1853
SHA-256 | 2beceab188b5a326f8c1949abab1b3e4e637e4803c1a30abe30fe93b67a275bb
Debian Security Advisory 3222-1
Posted Apr 13, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3222-1 - Miroslav Lichvar of Red Hat discovered multiple vulnerabilities in chrony, an alternative NTP client and server.

tags | advisory, vulnerability
systems | linux, redhat, debian
advisories | CVE-2015-1821, CVE-2015-1822, CVE-2015-1853
SHA-256 | 4322d7113061b959d9091b6bf8f6bac42fe6ec571c0c5ae8e3403642e50ba4f9
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close