[arch-security] [ASA-201504-9] chrony: denial of service

Christian Rebischke chris.rebischke at gmail.com
Wed Apr 8 17:35:41 UTC 2015


Arch Linux Security Advisory ASA-201504-9
=========================================

Severity: Medium
Date    : 2015-04-08
CVE-ID  : CVE-2015-1853
Package : chrony
Type    : denial of service
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package chrony before version 1.31-2 is vulnerable to denial of service

Resolution
==========

Upgrade to 1.31-2.

# pacman -Syu "chrony>=1.31-2"

The problem has been fixed upstream.

Workaround
==========

None.

Description
===========

CVE-2015-1853 (denial of service):
This issue is similiar to the "ntp CVE-2015-1799"-issue.
An attacker knowing that NTP hosts A and B are peering with each other
(symmetric association) can send a packet to host A with source address of B
which will set the NTP state variables on A to the values sent by the attacker.
Host A will then send on its next poll to B a packet with originate timestamp
that doesn't match the transmit timestamp of B and the packet will be dropped.
If the attacker does this periodically for both hosts, they won't be able to
synchronize to each other. This is a known denial-of-service attack

Impact
======

CVE-2015-1853 (denial of service):

An attacker could stop the synchronizing process of chrony.

References
==========

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-1853
https://access.redhat.com/security/cve/CVE-2015-1853
http://seclists.org/oss-sec/2015/q2/63

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20150408/62f2322e/attachment.asc>


More information about the arch-security mailing list