[chrony-users] Security Advisory

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-users Archives ]

Chrony Security Advisory                    jhasler@xxxxxxxxxxxxxxxxxxxx
February 03, 2010

Package         : chrony                 
Vulnerability   : denial of service
Problem type    : remote                 
Version-specific: no                     
CVE IDs         : CVE-2010-0292  CVE-2010-0293 CVE-2010-0294

Several vulnerabilities have been discovered in chronyd, the Chrony NTP
server/client.  These bugs can be exploited for a remote denial of service.
The Common Vulnerabilities and Exposures project identifies the following

chronyd replies to all cmdmon packets from unauthorized hosts with
NOHOSTACCESS message.  This can be used to create a loop between two chrony
daemons which don't allow cmdmon access from each other by sending a packet
with spoofed source address and port. This will cause high CPU, network and
syslog usage.

FIX: Don't reply to invalid cmdmon packets

The client logging facility doesn't limit memory which is used to keep
informations about clients. If chronyd is configured to allow access
from a large IP address range, an attacker can cause chronyd to
allocate large amount of memory by sending NTP or cmdmon packets with
spoofed source addresses. By default only is allowed.

FIX: Limit client log memory size

There are several ways that an attacker can make chronyd log messages and
possibly fill up disk space. The rate for these messages should be limited.

FIX: Limit rate of syslog messages

These bugs have been fixed in the new Chrony 1.24 release and in Chrony
1.23.1, both available for download at http://www.chrony.tuxfamily.org.
Patches are available from the Git repository on the Web site.

We recommend that you upgrade your Chrony package to version 1.24.  If you
cannot upgrade because you need compatibility with the old cmdmon protocol
upgrade to 1.23.1.  Upgrade via your distribution's repositories if
possible: they should have patched versions available shortly.

To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.

Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/