chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets.
References
Link | Resource |
---|---|
http://chrony.tuxfamily.org/News.html | Release Notes Vendor Advisory |
https://security.gentoo.org/glsa/201507-01 | Third Party Advisory |
History
13 Feb 2023, 00:47
Type | Values Removed | Values Added |
---|---|---|
References | | |
Summary | chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets. |
02 Feb 2023, 20:20
Type | Values Removed | Values Added |
---|---|---|
References | | |
Summary | A denial of service flaw was found in the way chrony hosts that were peering with each other authenticated themselves before updating their internal state variables. An attacker could send packets to one peer host, which could cascade to other peers, and stop the synchronization process among the reached peers. |
Information
Published : 2019-12-09 19:15
Updated : 2023-12-10 13:13
NVD link : CVE-2015-1853
Mitre link : CVE-2015-1853
CVE.ORG link : CVE-2015-1853
Products Affected
tuxfamily
- chrony