Описание
chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 3.1-5 |
| bionic | not-affected | 3.2-4ubuntu1 |
| cosmic | not-affected | 3.2-4ubuntu1 |
| devel | not-affected | 3.2-4ubuntu1 |
| esm-apps/xenial | not-affected | 2.1.1-1 |
| esm-infra-legacy/trusty | not-affected | 1.29-1ubuntu0.1 |
| esm-infra/bionic | not-affected | 3.2-4ubuntu1 |
| lucid | ignored | end of life |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
Показывать по
EPSS
4 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets.
chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets.
chrony before 1.31.1 does not properly protect state variables in auth ...
chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets.
ELSA-2015-2241: chrony security, bug fix, and enhancement update (MODERATE)
EPSS
4 Medium
CVSS2
6.5 Medium
CVSS3