CVE-2015-1821

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2015-1821
Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2) cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the subnet remainder.

6.5 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2015/04/msg00002.html Patch Vendor Advisory
http://www.debian.org/security/2015/dsa-3222
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/73955
https://security.gentoo.org/glsa/201507-01
Configurations

Configuration 1 (hide)

cpe:2.3:a:tuxfamily:chrony:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
History

13 Feb 2023, 00:47

Type Values Removed Values Added
Summary An out-of-bounds write flaw was found in the way Chrony stored certain addresses when configuring NTP or cmdmon access. An attacker that has the command key and is allowed to access cmdmon (only localhost is allowed by default) could use this flaw to crash chronyd or, possibly, execute arbitrary code with the privileges of the chronyd process. Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2) cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the subnet remainder.
References
  • {'url': 'https://access.redhat.com/errata/RHSA-2015:2241', 'name': 'https://access.redhat.com/errata/RHSA-2015:2241', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/security/cve/CVE-2015-1821', 'name': 'https://access.redhat.com/security/cve/CVE-2015-1821', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=1209631', 'name': 'https://bugzilla.redhat.com/show_bug.cgi?id=1209631', 'tags': [], 'refsource': 'MISC'}

02 Feb 2023, 20:20

Type Values Removed Values Added
References
  • (MISC) https://access.redhat.com/errata/RHSA-2015:2241 -
  • (MISC) https://access.redhat.com/security/cve/CVE-2015-1821 -
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1209631 -
Summary Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2) cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the subnet remainder. An out-of-bounds write flaw was found in the way Chrony stored certain addresses when configuring NTP or cmdmon access. An attacker that has the command key and is allowed to access cmdmon (only localhost is allowed by default) could use this flaw to crash chronyd or, possibly, execute arbitrary code with the privileges of the chronyd process.
Information

Published : 2015-04-16 14:59

Updated : 2023-12-10 11:31

NVD link : CVE-2015-1821

Mitre link : CVE-2015-1821

CVE.ORG link : CVE-2015-1821

JSON object : View

Products Affected

tuxfamily

  • chrony

debian

  • debian_linux
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer