CVE-2010-0293 - OpenCVE

The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Tuxfamily	Chrony

Configuration 1 [-]

OR	cpe:2.3:a:tuxfamily:chrony::::::::
	cpe:2.3:a:tuxfamily:chrony:1.18:::::::*
	cpe:2.3:a:tuxfamily:chrony:1.19:::::::*
	cpe:2.3:a:tuxfamily:chrony:1.19-1:::::::*
	cpe:2.3:a:tuxfamily:chrony:1.19.99.1:::::::*
	cpe:2.3:a:tuxfamily:chrony:1.19.99.2:::::::*
	cpe:2.3:a:tuxfamily:chrony:1.19.99.3:::::::*
	cpe:2.3:a:tuxfamily:chrony:1.20:::::::*
	cpe:2.3:a:tuxfamily:chrony:1.21:::::::*
	cpe:2.3:a:tuxfamily:chrony:1.21-pre1:::::::*
	cpe:2.3:a:tuxfamily:chrony:1.24-pre1:::::::*

References

Link	Resource
http://chrony.tuxfamily.org/News.html	Vendor Advisory
http://git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git%3Ba=commit%3Bh=2f63cf448560fdb96b80d8488aae6a15b802a753
http://secunia.com/advisories/38428	Vendor Advisory
http://secunia.com/advisories/38480	Vendor Advisory
http://www.debian.org/security/2010/dsa-1992
http://www.securityfocus.com/bid/38106
https://bugzilla.redhat.com/show_bug.cgi?id=555367

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2022-10-03T16:21:10

Updated: 2022-10-03T16:21:10

Reserved: 2022-10-03T00:00:00

Link: CVE-2010-0293

JSON object: View

NVD Information

Status : Modified

Published: 2010-02-08T20:30:01.233

Modified: 2023-11-07T02:05:03.630

Link: CVE-2010-0293

JSON object: View

Redhat Information

No data.

CWE

CWE-399

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:21:10", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "DSA-1992", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2010/dsa-1992"}, {"name": "38106", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/38106"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git%3Ba=commit%3Bh=2f63cf448560fdb96b80d8488aae6a15b802a753"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://chrony.tuxfamily.org/News.html"}, {"name": "38428", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38428"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=555367"}, {"name": "38480", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38480"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-0293", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-1992", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-1992"}, {"name": "38106", "refsource": "BID", "url": "http://www.securityfocus.com/bid/38106"}, {"name": "http://git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git;a=commit;h=2f63cf448560fdb96b80d8488aae6a15b802a753", "refsource": "CONFIRM", "url": "http://git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git;a=commit;h=2f63cf448560fdb96b80d8488aae6a15b802a753"}, {"name": "http://chrony.tuxfamily.org/News.html", "refsource": "CONFIRM", "url": "http://chrony.tuxfamily.org/News.html"}, {"name": "38428", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38428"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=555367", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=555367"}, {"name": "38480", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38480"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-0293", "datePublished": "2022-10-03T16:21:10", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:21:10", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tuxfamily:chrony:*:*:*:*:*:*:*:*", "matchCriteriaId": "90274BAF-E019-4211-AAFF-7C597216F1A6", "versionEndIncluding": "1.23-pre1", "vulnerable": true}, {"criteria": "cpe:2.3:a:tuxfamily:chrony:1.18:*:*:*:*:*:*:*", "matchCriteriaId": "BE7B1A16-5E42-4571-BD0A-306E452F88C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:tuxfamily:chrony:1.19:*:*:*:*:*:*:*", "matchCriteriaId": "3876201F-F20D-42DA-912A-17B6108C05A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:tuxfamily:chrony:1.19-1:*:*:*:*:*:*:*", "matchCriteriaId": "43F45EF4-B54C-433B-B01A-6557881BB90C", "vulnerable": true}, {"criteria": "cpe:2.3:a:tuxfamily:chrony:1.19.99.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E0A3321-1CC7-47C1-A7F1-1FFC0CBA892A", "vulnerable": true}, {"criteria": "cpe:2.3:a:tuxfamily:chrony:1.19.99.2:*:*:*:*:*:*:*", "matchCriteriaId": "203D6F3C-367E-4D39-8081-499A4847DB40", "vulnerable": true}, {"criteria": "cpe:2.3:a:tuxfamily:chrony:1.19.99.3:*:*:*:*:*:*:*", "matchCriteriaId": "F94EADFC-7FAC-47B5-8024-1F1D81F57E02", "vulnerable": true}, {"criteria": "cpe:2.3:a:tuxfamily:chrony:1.20:*:*:*:*:*:*:*", "matchCriteriaId": "FF708CE0-F27C-474D-AB0C-296DCB53F416", "vulnerable": true}, {"criteria": "cpe:2.3:a:tuxfamily:chrony:1.21:*:*:*:*:*:*:*", "matchCriteriaId": "D4B0E62E-A525-4E0C-A5DF-512D79D7A68A", "vulnerable": true}, {"criteria": "cpe:2.3:a:tuxfamily:chrony:1.21-pre1:*:*:*:*:*:*:*", "matchCriteriaId": "455878C7-0BE9-4C40-85BF-A320064D4768", "vulnerable": true}, {"criteria": "cpe:2.3:a:tuxfamily:chrony:1.24-pre1:*:*:*:*:*:*:*", "matchCriteriaId": "FF03B21E-3BED-452C-AE1C-3951DEA930AC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets."}, {"lang": "es", "value": "La funcionalidad \"client logging\" en chronyd en Chrony anterior a v1.23.1, no restringe la cantidad de memoria empleada para almacenar la informaci\u00f3n de un cliente, lo que permite a atacantes remotos, provocar una denegaci\u00f3n de servicio (consumo de memoria) mediante la suplantaci\u00f3n de paquetes (1) NTP o (2) cmdmon."}], "id": "CVE-2010-0293", "lastModified": "2023-11-07T02:05:03.630", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-02-08T20:30:01.233", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://chrony.tuxfamily.org/News.html"}, {"source": "secalert@redhat.com", "url": "http://git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git%3Ba=commit%3Bh=2f63cf448560fdb96b80d8488aae6a15b802a753"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38428"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38480"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2010/dsa-1992"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/38106"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=555367"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}