CVE-2010-0292

The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony before 1.23.1, and 1.24-pre1, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a spoofed cmdmon packet that triggers a continuous exchange of NOHOSTACCESS messages between two daemons, a related issue to CVE-2009-3563.

Affected Software

Name	Vendor	Start Version	End Version
Chrony	Tuxfamily	*	1.23-pre1 (including)
Chrony	Tuxfamily	1.18 (including)	1.18 (including)
Chrony	Tuxfamily	1.19 (including)	1.19 (including)
Chrony	Tuxfamily	1.19-1 (including)	1.19-1 (including)
Chrony	Tuxfamily	1.19.99.1 (including)	1.19.99.1 (including)
Chrony	Tuxfamily	1.19.99.2 (including)	1.19.99.2 (including)
Chrony	Tuxfamily	1.19.99.3 (including)	1.19.99.3 (including)
Chrony	Tuxfamily	1.20 (including)	1.20 (including)
Chrony	Tuxfamily	1.21 (including)	1.21 (including)
Chrony	Tuxfamily	1.21-pre1 (including)	1.21-pre1 (including)
Chrony	Tuxfamily	1.24-pre1 (including)	1.24-pre1 (including)
Chrony	Ubuntu	dapper	*
Chrony	Ubuntu	devel	*
Chrony	Ubuntu	hardy	*
Chrony	Ubuntu	intrepid	*
Chrony	Ubuntu	jaunty	*
Chrony	Ubuntu	karmic	*
Chrony	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-0292
CWE	https://cwe.mitre.org/data/definitions/399.html

Affected Software

References