chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets.
References
Link | Resource |
---|---|
http://chrony.tuxfamily.org/News.html | Release Notes Vendor Advisory |
https://security.gentoo.org/glsa/201507-01 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2019-12-09T18:53:22
Updated: 2019-12-09T18:53:22
Reserved: 2015-02-17T00:00:00
Link: CVE-2015-1853
JSON object: View
NVD Information
Status : Modified
Published: 2019-12-09T19:15:14.150
Modified: 2023-02-13T00:47:23.053
Link: CVE-2015-1853
JSON object: View
Redhat Information
No data.
CWE