CVE-2015-1822

chrony before 1.31.1 does not initialize the last "next" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a large number of command requests.
Configurations

Configuration 1

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:a:tuxfamily:chrony:*:*:*:*:*:*:*:*

History

13 Feb 2023, 00:47

Type Values Removed Values Added
Summary
  • Values Removed: An uninitialized pointer use flaw was found when allocating memory to save unacknowledged replies to authenticated command requests. An attacker that has the command key and is allowed to access cmdmon (only localhost is allowed by default) could use this flaw to crash chronyd or, possibly, execute arbitrary code with the privileges of the chronyd process.
  • Values Added: chrony before 1.31.1 does not initialize the last "next" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a large number of command requests.
References
  • (MISC) https://access.redhat.com/errata/RHSA-2015:2241
  • (MISC) https://access.redhat.com/security/cve/CVE-2015-1822
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1209632

02 Feb 2023, 20:20

Type Values Removed Values Added
References
  • (MISC) https://access.redhat.com/errata/RHSA-2015:2241
  • (MISC) https://access.redhat.com/security/cve/CVE-2015-1822
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1209632
Summary
  • Values Removed: chrony before 1.31.1 does not initialize the last "next" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a large number of command requests.
  • Values Added: An uninitialized pointer use flaw was found when allocating memory to save unacknowledged replies to authenticated command requests. An attacker that has the command key and is allowed to access cmdmon (only localhost is allowed by default) could use this flaw to crash chronyd or, possibly, execute arbitrary code with the privileges of the chronyd process.

Information

Published : 2015-04-16 14:59

Updated : 2023-12-10 11:31


NVD link : CVE-2015-1822

Mitre link : CVE-2015-1822

CVE.ORG link : CVE-2015-1822



Products Affected

tuxfamily

  • chrony

debian

  • debian_linux
CWE
CWE-17

DEPRECATED: Code