CVE-2014-0021
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: HIGH

Summary
Chrony before 1.29.1 has traffic amplification in cmdmon protocol
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
OS | | 3 |
OS | | 2 |
Nessus
- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2014-1943.NASL
- description: This update fixes the following security vulnerability : - Modify chronyc protocol to prevent amplification attacks (CVE-2014-0021) (incompatible with previous protocol version, chronyc supports both) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-03-17
- modified: 2014-02-06
- plugin id: 72358
- published: 2014-02-06
- reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/72358
- title: Fedora 20 : chrony-1.29.1-1.fc20 (2014-1943)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2014-1943.
#

include("compat.inc");

if (description)
{
  script_id(72358);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2014-0021");
  script_bugtraq_id(65035);
  script_xref(name:"FEDORA", value:"2014-1943");

  script_name(english:"Fedora 20 : chrony-1.29.1-1.fc20 (2014-1943)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update fixes the following security vulnerability : - Modify chronyc protocol to prevent amplification attacks (CVE-2014-0021) (incompatible with previous protocol version, chronyc supports both) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1054790"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2014-February/127837.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?c4107350"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected chrony package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:chrony");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/02/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC20", reference:"chrony-1.29.1-1.fc20")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chrony");
}
```

- NASL family: Amazon Linux Local Security Checks
- NASL id: ALA_ALAS-2014-366.NASL
- description: It was reported that the cmdmon protocol implemented in chrony was found to be vulnerable to DDoS attacks using traffic amplification. By default, commands are allowed only from localhost, but it
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 78309
- published: 2014-10-12
- reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/78309
- title: Amazon Linux AMI : chrony (ALAS-2014-366)

- NASL family: NewStart CGSL Local Security Checks
- NASL id: NEWSTART_CGSL_NS-SA-2020-0027_CHRONY.NASL
- description: The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has chrony packages installed that are affected by multiple vulnerabilities:
  - Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command request to the PKL_CommandLength function or crafted (3) RPY_SUBNETS_ACCESSED, (4) RPY_CLIENT_ACCESSES, (5) RPY_CLIENT_ACCESSES_BY_INDEX, or (6) RPY_MANUAL_LIST command reply to the PKL_ReplyLength function, which triggers an out-of-bounds read or buffer overflow. NOTE: versions 1.27 and 1.28 do not require authentication to exploit. (CVE-2012-4502)
  - cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to the handle_subnets_accessed function or (2) a RPY_CLIENT_ACCESSES command to the handle_client_accesses function when client logging is disabled, which causes uninitialized data to be included in a reply. (CVE-2012-4503)
  - Chrony before 1.29.1 has traffic amplification in cmdmon protocol (CVE-2014-0021)

  Note that Nessus has not tested for this issue but has instead relied only on the application
- last seen: 2020-06-05
- modified: 2020-05-27
- plugin id: 136904
- published: 2020-05-27
- reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/136904
- title: NewStart CGSL CORE 5.04 / MAIN 5.04 : chrony Multiple Vulnerabilities (NS-SA-2020-0027)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2014-1916.NASL
- description: This update fixes the following security vulnerability : - Modify chronyc protocol to prevent amplification attacks (CVE-2014-0021) (incompatible with previous protocol version, chronyc supports both) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-03-17
- modified: 2014-02-20
- plugin id: 72593
- published: 2014-02-20
- reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/72593
- title: Fedora 19 : chrony-1.29.1-1.fc19 (2014-1916)

References
- http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127837.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128753.html
- http://www.openwall.com/lists/oss-security/2014/01/17/9
- http://www.openwall.com/lists/oss-security/2014/01/18/1
- http://www.openwall.com/lists/oss-security/2014/01/18/2
- http://www.openwall.com/lists/oss-security/2014/01/18/3
- http://www.openwall.com/lists/oss-security/2014/01/19/1
- http://www.securityfocus.com/bid/65035
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0021
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90925
- https://security-tracker.debian.org/tracker/CVE-2014-0021