Информационная безопасность
[RU] switch to English


Многочисленные уязвимосоти безопасности в chrony
Опубликовано:5 февраля 2010 г.
Источник:
SecurityVulns ID:10591
Тип:удаленная
Уровень опасности:
5/10
Описание:Амплификация трафика, исчерпание ресурсов.
Затронутые продукты:CHRONY : chrony 1.23
CVE:CVE-2010-0294 (chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service (disk consumption) via a large number of invalid packets.)
 CVE-2010-0293 (The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets.)
 CVE-2010-0292 (The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony before 1.23.1, and 1.24-pre1, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a spoofed cmdmon packet that triggers a continuous exchange of NOHOSTACCESS messages between two daemons, a related issue to CVE-2009-3563.)
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 1992-1] New chrony packages fix denial of service (05.02.2010)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород