CVE-2010-0293 Information

Description

The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information which allows remote attackers to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets.

Reference

http://chrony.tuxfamily.org/News.html http://git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git;a=commit;h=2f63cf448560fdb96b80d8488aae6a15b802a753 http://secunia.com/advisories/38428 http://secunia.com/advisories/38480 http://www.debian.org/security/2010/dsa-1992 http://www.securityfocus.com/bid/38106 https://bugzilla.redhat.com/show_bug.cgi?id=555367