CVE-2010-0292
Last modified
CVE-2010-0292 is a vulnerability of currently unknown severity. The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony before 1.23.1, and 1.24-pre1, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a spoofed cmdmon packet that triggers a continuous exchange of NOHOSTACCESS messages between two daemons, a related issue to CVE-2009-3563.. EPSS estimates a 1.76% chance of exploitation in the next 30 days.
Description
The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony before 1.23.1, and 1.24-pre1, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a spoofed cmdmon packet that triggers a continuous exchange of NOHOSTACCESS messages between two daemons, a related issue to CVE-2009-3563.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Tuxfamily | Chrony | <= 1.23-pre1 |
| Tuxfamily | Chrony | 1.18 |
| Tuxfamily | Chrony | 1.19 |
| Tuxfamily | Chrony | 1.19-1 |
| Tuxfamily | Chrony | 1.19.99.1 |
| Tuxfamily | Chrony | 1.19.99.2 |
| Tuxfamily | Chrony | 1.19.99.3 |
| Tuxfamily | Chrony | 1.20 |
| Tuxfamily | Chrony | 1.21 |
| Tuxfamily | Chrony | 1.21-pre1 |
| Tuxfamily | Chrony | 1.24-pre1 |
References
- http://chrony.tuxfamily.org/News.htmlVendor Advisory
- http://secunia.com/advisories/38428Vendor Advisory
- http://secunia.com/advisories/38480Vendor Advisory
- http://chrony.tuxfamily.org/News.htmlVendor Advisory
- http://secunia.com/advisories/38428Vendor Advisory
- http://secunia.com/advisories/38480Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2010-0292?
How severe is CVE-2010-0292?
How do I fix CVE-2010-0292?
Are you affected by CVE-2010-0292?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST