CVE-2015-1821
CVSS V2 Medium 6.5
CVSS V3 None
Description
Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2) cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the subnet remainder.
Overview
- CVE ID
- CVE-2015-1821
- Assigner
- secalert@redhat.com
- Vulnerability Status
- Modified
- Published Version
- 2015-04-16T14:59:01
- Last Modified Date
- 2023-02-13T00:47:10
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
cpe:2.3:a:tuxfamily:chrony:*:*:*:*:*:*:*:* | 1 | OR | 1.31 | |
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:S/C:P/I:P/A:P
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- SINGLE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- PARTIAL
- Availability Impact
- PARTIAL
- Base Score
- 6.5
- Severity
- MEDIUM
- Exploitability Score
- 8
- Impact Score
- 6.4
References
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2015-1821 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1821 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2022-05-10 09:40:54 | Added to TrackCVE | |||
2022-12-02 04:21:02 | 2015-04-16T14:59Z | 2015-04-16T14:59:01 | CVE Published Date | updated |
2022-12-02 04:21:02 | 2017-07-01T01:29:13 | CVE Modified Date | updated | |
2022-12-02 04:21:02 | Modified | Vulnerability Status | updated | |
2023-02-02 21:04:59 | 2023-02-02T20:20:14 | CVE Modified Date | updated | |
2023-02-02 21:04:59 | Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2) cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the subnet remainder. | An out-of-bounds write flaw was found in the way Chrony stored certain addresses when configuring NTP or cmdmon access. An attacker that has the command key and is allowed to access cmdmon (only localhost is allowed by default) could use this flaw to crash chronyd or, possibly, execute arbitrary code with the privileges of the chronyd process. | Description | updated |
2023-02-02 21:05:06 | References | updated | ||
2023-02-13 01:05:54 | 2023-02-13T00:47:10 | CVE Modified Date | updated | |
2023-02-13 01:05:54 | An out-of-bounds write flaw was found in the way Chrony stored certain addresses when configuring NTP or cmdmon access. An attacker that has the command key and is allowed to access cmdmon (only localhost is allowed by default) could use this flaw to crash chronyd or, possibly, execute arbitrary code with the privileges of the chronyd process. | Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2) cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the subnet remainder. | Description | updated |