CVE Vulnerabilities

CVE-2015-1853

Published: Dec 09, 2019 | Modified: Dec 17, 2019
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:P
RedHat/V2
4.3 MODERATE
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V3
Ubuntu

chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets.

Affected Software

Name Vendor Start Version End Version
Chrony Tuxfamily * *
Red Hat Enterprise Linux 7 RedHat chrony-0:2.1.1-1.el7 *
Chrony Ubuntu lucid *
Chrony Ubuntu precise *
Chrony Ubuntu trusty *
Chrony Ubuntu upstream *
Chrony Ubuntu utopic *
Chrony Ubuntu vivid *
Chrony Ubuntu wily *
Chrony Ubuntu yakkety *
Chrony Ubuntu zesty *

References