CVE-2010-0293
Published: February 8, 2010Last modified: November 10, 2023
Description
The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets.
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | chrony | Not affected (4.3-r0) |
| Stream | chrony | Not affected (4.4-r0) |
References
- http://chrony.tuxfamily.org/News.html
- http://git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git%3Ba=commit%3Bh=2f63cf448560fdb96b80d8488aae6a15b802a753
- http://secunia.com/advisories/38428
- http://secunia.com/advisories/38480
- http://www.debian.org/security/2010/dsa-1992
- http://www.securityfocus.com/bid/38106
- https://bugzilla.redhat.com/show_bug.cgi?id=555367