OpenCVE

chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service (disk consumption) via a large number of invalid packets.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tuxfamily	Chrony

Configuration 1 [-]

OR	cpe:2.3:a:tuxfamily:chrony::::::::
	cpe:2.3:a:tuxfamily:chrony:1.18:::::::*
	cpe:2.3:a:tuxfamily:chrony:1.19:::::::*
	cpe:2.3:a:tuxfamily:chrony:1.19-1:::::::*
	cpe:2.3:a:tuxfamily:chrony:1.19.99.1:::::::*
	cpe:2.3:a:tuxfamily:chrony:1.19.99.2:::::::*
	cpe:2.3:a:tuxfamily:chrony:1.19.99.3:::::::*
	cpe:2.3:a:tuxfamily:chrony:1.20:::::::*
	cpe:2.3:a:tuxfamily:chrony:1.21:::::::*
	cpe:2.3:a:tuxfamily:chrony:1.21-pre1:::::::*
	cpe:2.3:a:tuxfamily:chrony:1.24-pre1:::::::*

No data.

References

Link	Providers
http://chrony.tuxfamily.org/News.html
http://git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git%3Ba=commit%3Bh=0b710499f994823bd938fc6895f097eefb9cc59f
http://secunia.com/advisories/38428
http://secunia.com/advisories/38480
http://www.debian.org/security/2010/dsa-1992
http://www.securityfocus.com/bid/38106
https://bugzilla.redhat.com/show_bug.cgi?id=555367

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2010-02-08T20:00:00Z

Updated: 2024-09-16T23:40:29.523Z

Reserved: 2010-01-12T00:00:00Z

Link: CVE-2010-0294

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-02-08T20:30:01.263

Modified: 2024-11-21T01:11:55.243

Link: CVE-2010-0294

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service (disk consumption) via a large number of invalid packets."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-02-08T20:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "DSA-1992", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2010/dsa-1992"}, {"name": "38106", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/38106"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://chrony.tuxfamily.org/News.html"}, {"name": "38428", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38428"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git%3Ba=commit%3Bh=0b710499f994823bd938fc6895f097eefb9cc59f"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=555367"}, {"name": "38480", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38480"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-0294", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service (disk consumption) via a large number of invalid packets."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-1992", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-1992"}, {"name": "38106", "refsource": "BID", "url": "http://www.securityfocus.com/bid/38106"}, {"name": "http://chrony.tuxfamily.org/News.html", "refsource": "CONFIRM", "url": "http://chrony.tuxfamily.org/News.html"}, {"name": "38428", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38428"}, {"name": "http://git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git;a=commit;h=0b710499f994823bd938fc6895f097eefb9cc59f", "refsource": "CONFIRM", "url": "http://git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git;a=commit;h=0b710499f994823bd938fc6895f097eefb9cc59f"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=555367", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=555367"}, {"name": "38480", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38480"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:45:11.986Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-1992", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2010/dsa-1992"}, {"name": "38106", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/38106"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://chrony.tuxfamily.org/News.html"}, {"name": "38428", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38428"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git%3Ba=commit%3Bh=0b710499f994823bd938fc6895f097eefb9cc59f"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=555367"}, {"name": "38480", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38480"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-0294", "datePublished": "2010-02-08T20:00:00Z", "dateReserved": "2010-01-12T00:00:00Z", "dateUpdated": "2024-09-16T23:40:29.523Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tuxfamily:chrony:*:*:*:*:*:*:*:*", "matchCriteriaId": "90274BAF-E019-4211-AAFF-7C597216F1A6", "versionEndIncluding": "1.23-pre1", "vulnerable": true}, {"criteria": "cpe:2.3:a:tuxfamily:chrony:1.18:*:*:*:*:*:*:*", "matchCriteriaId": "BE7B1A16-5E42-4571-BD0A-306E452F88C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:tuxfamily:chrony:1.19:*:*:*:*:*:*:*", "matchCriteriaId": "3876201F-F20D-42DA-912A-17B6108C05A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:tuxfamily:chrony:1.19-1:*:*:*:*:*:*:*", "matchCriteriaId": "43F45EF4-B54C-433B-B01A-6557881BB90C", "vulnerable": true}, {"criteria": "cpe:2.3:a:tuxfamily:chrony:1.19.99.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E0A3321-1CC7-47C1-A7F1-1FFC0CBA892A", "vulnerable": true}, {"criteria": "cpe:2.3:a:tuxfamily:chrony:1.19.99.2:*:*:*:*:*:*:*", "matchCriteriaId": "203D6F3C-367E-4D39-8081-499A4847DB40", "vulnerable": true}, {"criteria": "cpe:2.3:a:tuxfamily:chrony:1.19.99.3:*:*:*:*:*:*:*", "matchCriteriaId": "F94EADFC-7FAC-47B5-8024-1F1D81F57E02", "vulnerable": true}, {"criteria": "cpe:2.3:a:tuxfamily:chrony:1.20:*:*:*:*:*:*:*", "matchCriteriaId": "FF708CE0-F27C-474D-AB0C-296DCB53F416", "vulnerable": true}, {"criteria": "cpe:2.3:a:tuxfamily:chrony:1.21:*:*:*:*:*:*:*", "matchCriteriaId": "D4B0E62E-A525-4E0C-A5DF-512D79D7A68A", "vulnerable": true}, {"criteria": "cpe:2.3:a:tuxfamily:chrony:1.21-pre1:*:*:*:*:*:*:*", "matchCriteriaId": "455878C7-0BE9-4C40-85BF-A320064D4768", "vulnerable": true}, {"criteria": "cpe:2.3:a:tuxfamily:chrony:1.24-pre1:*:*:*:*:*:*:*", "matchCriteriaId": "FF03B21E-3BED-452C-AE1C-3951DEA930AC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service (disk consumption) via a large number of invalid packets."}, {"lang": "es", "value": "chronyd en Chrony anterior a v1.23.1, y posiblemente v 1.24-pre1, genera un mensage syslog para cada paquete cmdmon no autorizado, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de disco) a trav\u00e9s de un n\u00famero elevado de paquetes no v\u00e1lidos."}], "id": "CVE-2010-0294", "lastModified": "2024-11-21T01:11:55.243", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-02-08T20:30:01.263", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://chrony.tuxfamily.org/News.html"}, {"source": "secalert@redhat.com", "url": "http://git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git%3Ba=commit%3Bh=0b710499f994823bd938fc6895f097eefb9cc59f"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38428"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38480"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2010/dsa-1992"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/38106"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=555367"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://chrony.tuxfamily.org/News.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git%3Ba=commit%3Bh=0b710499f994823bd938fc6895f097eefb9cc59f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38428"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38480"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-1992"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/38106"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=555367"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}