MGASA-2014-0052

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2014-0052.html

Import Source

https://advisories.mageia.org/MGASA-2014-0052.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2014-0052

Related

CVE-2014-0021

Published

2014-02-11T22:13:17Z

Modified

2014-02-11T22:12:51Z

Summary

Updated chrony package fixes security vulnerability

Details

Updated chrony package fixes security vulnerability:

In the chrony control protocol some replies are significantly larger than their requests, which allows an attacker to use it in an amplification attack (CVE-2014-0021).

Note: in the default configuration, cmdallow is restricted to localhost, so significant amplification is only possible if the configuration has been changed to allow cmdallow from other hosts. Even from hosts whose access is denied, minor amplification is still possible.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:4 / chrony

Package

Name: chrony
Purl: pkg:rpm/mageia/chrony?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.29.1-1.mga4

Ecosystem specific

{
    "section": "core"
}