CVE-2010-0294 | Vulnerability Database | Aqua Security

chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service (disk consumption) via a large number of invalid packets.

Affected Software

Name	Vendor	Start Version	End Version
Chrony	Tuxfamily	*	1.23-pre1 (including)
Chrony	Tuxfamily	1.18 (including)	1.18 (including)
Chrony	Tuxfamily	1.19 (including)	1.19 (including)
Chrony	Tuxfamily	1.19-1 (including)	1.19-1 (including)
Chrony	Tuxfamily	1.19.99.1 (including)	1.19.99.1 (including)
Chrony	Tuxfamily	1.19.99.2 (including)	1.19.99.2 (including)
Chrony	Tuxfamily	1.19.99.3 (including)	1.19.99.3 (including)
Chrony	Tuxfamily	1.20 (including)	1.20 (including)
Chrony	Tuxfamily	1.21 (including)	1.21 (including)
Chrony	Tuxfamily	1.21-pre1 (including)	1.21-pre1 (including)
Chrony	Tuxfamily	1.24-pre1 (including)	1.24-pre1 (including)
Chrony	Ubuntu	dapper	*
Chrony	Ubuntu	devel	*
Chrony	Ubuntu	hardy	*
Chrony	Ubuntu	intrepid	*
Chrony	Ubuntu	jaunty	*
Chrony	Ubuntu	karmic	*
Chrony	Ubuntu	upstream	*

References

http://chrony.tuxfamily.org/News.html
http://git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git%3Ba=commit%3Bh=0b710499f994823bd938fc6895f097eefb9cc59f
http://secunia.com/advisories/38428
http://secunia.com/advisories/38480
http://www.debian.org/security/2010/dsa-1992
http://www.securityfocus.com/bid/38106
https://bugzilla.redhat.com/show_bug.cgi?id=555367

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-0294
CWE	https://cwe.mitre.org/data/definitions/399.html