Lucene search
HistoryFeb 08, 2010 - 8:30 p.m.
CVE-2010-0292
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
7.5
Confidence
High
EPSS
0.966
Percentile
99.7%
The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony before 1.23.1, and 1.24-pre1, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a spoofed cmdmon packet that triggers a continuous exchange of NOHOSTACCESS messages between two daemons, a related issue to CVE-2009-3563.
Affected configurations
Node
tuxfamilychronyRangeβ€1.23-pre1
ORtuxfamilychronyMatch1.18
ORtuxfamilychronyMatch1.19
ORtuxfamilychronyMatch1.19-1
ORtuxfamilychronyMatch1.19.99.1
ORtuxfamilychronyMatch1.19.99.2
ORtuxfamilychronyMatch1.19.99.3
ORtuxfamilychronyMatch1.20
ORtuxfamilychronyMatch1.21
ORtuxfamilychronyMatch1.21-pre1
ORtuxfamilychronyMatch1.24-pre1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| tuxfamily | chrony | * | cpe:2.3:a:tuxfamily:chrony:*:*:*:*:*:*:*:* |
| tuxfamily | chrony | 1.18 | cpe:2.3:a:tuxfamily:chrony:1.18:*:*:*:*:*:*:* |
| tuxfamily | chrony | 1.19 | cpe:2.3:a:tuxfamily:chrony:1.19:*:*:*:*:*:*:* |
| tuxfamily | chrony | 1.19-1 | cpe:2.3:a:tuxfamily:chrony:1.19-1:*:*:*:*:*:*:* |
| tuxfamily | chrony | 1.19.99.1 | cpe:2.3:a:tuxfamily:chrony:1.19.99.1:*:*:*:*:*:*:* |
| tuxfamily | chrony | 1.19.99.2 | cpe:2.3:a:tuxfamily:chrony:1.19.99.2:*:*:*:*:*:*:* |
| tuxfamily | chrony | 1.19.99.3 | cpe:2.3:a:tuxfamily:chrony:1.19.99.3:*:*:*:*:*:*:* |
| tuxfamily | chrony | 1.20 | cpe:2.3:a:tuxfamily:chrony:1.20:*:*:*:*:*:*:* |
| tuxfamily | chrony | 1.21 | cpe:2.3:a:tuxfamily:chrony:1.21:*:*:*:*:*:*:* |
| tuxfamily | chrony | 1.21-pre1 | cpe:2.3:a:tuxfamily:chrony:1.21-pre1:*:*:*:*:*:*:* |
References
chrony.tuxfamily.org/News.html
git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git%3Ba=commit%3Bh=7864c7a70ce00369194e734eb2842ecc5f8db531
secunia.com/advisories/38428
secunia.com/advisories/38480
www.debian.org/security/2010/dsa-1992
www.securityfocus.com/bid/38106
bugzilla.redhat.com/show_bug.cgi?id=555367
Related
ubuntucve
ubuntucve
CVE-2010-0292
2010-02-08 00:00:00
CVE-2009-3563
2009-12-08 00:00:00
debiancve
debiancve
CVE-2010-0292
2010-02-08 20:30:00
CVE-2009-3563
2009-12-09 18:30:00
prion
prion
Sql injection
2010-02-08 20:30:00
Code injection
2009-12-09 18:30:00
cvelist
cvelist
CVE-2010-0292
2010-02-08 20:00:00
CVE-2009-3563
2009-12-09 00:00:00
cve
cve
CVE-2010-0292
2010-02-08 20:30:00
CVE-2009-3563
2009-12-09 18:30:00
securityvulns
securityvulns
[SECURITY] [DSA 1992-1] New chrony packages fix denial of service
2010-02-05 00:00:00
[USN-867-1] Ntp vulnerability
2009-12-09 00:00:00
ntp server DoS
2009-12-09 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-1992-1)
2010-02-10 00:00:00
Debian Security Advisory DSA 1992-1 (chrony)
2010-02-10 00:00:00
Oracle: Security Advisory (ELSA-2009-1648)
2015-10-08 00:00:00
debian
debian
[SECURITY] [DSA 1992-1] New chrony packages fix denial of service
2010-02-04 17:38:45
[SECURITY] [DSA 1948-1] New ntp packages fix denial of service
2009-12-08 19:07:15
osv
osv
chrony - denial of service
2010-02-04 00:00:00
nessus
nessus
Debian DSA-1992-1 : chrony - several vulnerabilities
2010-02-24 00:00:00
SuSE9 Security Update : xntp (YOU Patch Number 12559)
2009-12-21 00:00:00
AIX 5.3 TL 9 : xntpd (IZ71093)
2013-01-24 00:00:00
gentoo
gentoo
NTP: Denial of service
2010-01-03 00:00:00
seebug
seebug
NTP MODE_PRIVATEζ₯ζθΏη¨ζη»ζε‘ζΌζ΄
2009-12-12 00:00:00
cert
cert
NTP mode 7 denial-of-service vulnerability
2009-12-08 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-10:02.ntpd
2010-01-06 00:00:00
metasploit
metasploit
NTP.org ntpd Reserved Mode Denial of Service
2009-12-13 02:56:20
cisco
cisco
f5
f5
SOL10905 - NTP vulnerability - CVE-2009-3563
2010-01-04 00:00:00
K000139026 : NTP vulnerability CVE-2009-3563
2024-03-25 00:00:00
K10905 : NTP vulnerability - CVE-2009-3563
2013-07-05 00:00:00
redhat
redhat
(RHSA-2009:1648) Moderate: ntp security update
2009-12-08 00:00:00
(RHSA-2009:1651) Moderate: ntp security update
2009-12-08 00:00:00
(RHSA-2010:0095) Important: rhev-hypervisor security and bug fix update
2010-02-09 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:42:01
packetstorm
packetstorm
NTP.org ntpd Reserved Mode Denial of Service
2024-08-31 00:00:00
centos
centos
ntp security update
2009-12-08 22:33:14
ntp security update
2009-12-08 22:18:02
fedora
fedora
[SECURITY] Fedora 12 Update: ntp-4.2.4p8-1.fc12
2009-12-11 18:14:28
[SECURITY] Fedora 11 Update: ntp-4.2.4p7-3.fc11
2009-12-11 18:23:49
[SECURITY] Fedora 11 Update: chrony-1.23-6.20081106gitbe42b4.fc11
2010-02-06 00:05:24
checkpoint_advisories
checkpoint_advisories
Multiple Vendors NTP Mode 7 Denial of Service (CVE-2009-3563)
2010-02-02 00:00:00
Update Protection against Multiple Vendors NTP Mode 7 Denial of Service
2009-01-25 00:00:00
oraclelinux
oraclelinux
ntp security update
2009-12-08 00:00:00
ntp security update
2009-12-08 00:00:00
ubuntu
ubuntu
Ntp vulnerability
2009-12-08 00:00:00
nvd
nvd
CVE-2009-3563
2009-12-09 18:30:00
slackware
slackware
[slackware-security] ntp
2009-12-10 08:39:43
redhatcve
redhatcve
CVE-2024-2169
2024-04-02 20:21:52
altlinux
altlinux
Security fix for the ALT Linux 5 package chrony version 1.24-alt1
2010-02-08 00:00:00
Security fix for the ALT Linux 8 package chrony version 1.24-alt1
2010-02-08 00:00:00
Security fix for the ALT Linux 6 package chrony version 1.24-alt1
2010-02-08 00:00:00
vmware
vmware
ESX Service Console and vMA third party updates
2010-03-03 00:00:00
ESX Service Console and vMA third party updates
2010-03-03 00:00:00
ESXi utilities and ESX Service Console third party updates
2010-05-27 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
7.5
Confidence
High
EPSS
0.966
Percentile
99.7%
Related for NVD:CVE-2010-0292