ID CVE-2015-1853
Summary chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets.
References
Vulnerable Configurations
  • cpe:2.3:a:tuxfamily:chrony:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:tuxfamily:chrony:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:tuxfamily:chrony:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.18:*:*:*:*:*:*:*
    cpe:2.3:a:tuxfamily:chrony:1.18:*:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.19:*:*:*:*:*:*:*
    cpe:2.3:a:tuxfamily:chrony:1.19:*:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.19.99.1:*:*:*:*:*:*:*
    cpe:2.3:a:tuxfamily:chrony:1.19.99.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.19.99.2:*:*:*:*:*:*:*
    cpe:2.3:a:tuxfamily:chrony:1.19.99.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.19.99.3:*:*:*:*:*:*:*
    cpe:2.3:a:tuxfamily:chrony:1.19.99.3:*:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.20:*:*:*:*:*:*:*
    cpe:2.3:a:tuxfamily:chrony:1.20:*:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.21:*:*:*:*:*:*:*
    cpe:2.3:a:tuxfamily:chrony:1.21:*:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.21:pre1:*:*:*:*:*:*
    cpe:2.3:a:tuxfamily:chrony:1.21:pre1:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.23:*:*:*:*:*:*:*
    cpe:2.3:a:tuxfamily:chrony:1.23:*:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.23:pre1:*:*:*:*:*:*
    cpe:2.3:a:tuxfamily:chrony:1.23:pre1:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.23.1:*:*:*:*:*:*:*
    cpe:2.3:a:tuxfamily:chrony:1.23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.24:*:*:*:*:*:*:*
    cpe:2.3:a:tuxfamily:chrony:1.24:*:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.24:pre1:*:*:*:*:*:*
    cpe:2.3:a:tuxfamily:chrony:1.24:pre1:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.25:*:*:*:*:*:*:*
    cpe:2.3:a:tuxfamily:chrony:1.25:*:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.25:pre1:*:*:*:*:*:*
    cpe:2.3:a:tuxfamily:chrony:1.25:pre1:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.25:pre2:*:*:*:*:*:*
    cpe:2.3:a:tuxfamily:chrony:1.25:pre2:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.26:*:*:*:*:*:*:*
    cpe:2.3:a:tuxfamily:chrony:1.26:*:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.26:pre1:*:*:*:*:*:*
    cpe:2.3:a:tuxfamily:chrony:1.26:pre1:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.27:*:*:*:*:*:*:*
    cpe:2.3:a:tuxfamily:chrony:1.27:*:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.27:pre1:*:*:*:*:*:*
    cpe:2.3:a:tuxfamily:chrony:1.27:pre1:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.28:*:*:*:*:*:*:*
    cpe:2.3:a:tuxfamily:chrony:1.28:*:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.28:pre1:*:*:*:*:*:*
    cpe:2.3:a:tuxfamily:chrony:1.28:pre1:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.29:*:*:*:*:*:*:*
    cpe:2.3:a:tuxfamily:chrony:1.29:*:*:*:*:*:*:*
  • cpe:2.3:a:tuxfamily:chrony:1.31:*:*:*:*:*:*:*
    cpe:2.3:a:tuxfamily:chrony:1.31:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 17-12-2019 - 17:52)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1219492
title Use iburst option for NTP servers from DHCP
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 7 is installed
      oval oval:com.redhat.rhba:tst:20150364027
    • comment chrony is earlier than 0:2.1.1-1.el7
      oval oval:com.redhat.rhsa:tst:20152241001
    • comment chrony is signed with Red Hat redhatrelease2 key
      oval oval:com.redhat.rhsa:tst:20152241002
rhsa
id RHSA-2015:2241
released 2015-11-19
severity Moderate
title RHSA-2015:2241: chrony security, bug fix, and enhancement update (Moderate)
rpms
  • chrony-0:2.1.1-1.el7
  • chrony-debuginfo-0:2.1.1-1.el7
refmap via4
misc
Last major update 17-12-2019 - 17:52
Published 09-12-2019 - 19:15
Last modified 17-12-2019 - 17:52
Back to Top