Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-4502

Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command request to the PKL_CommandLength function or crafted (3) RPY_SUBNETS_ACCESSED, (4) RPY_CLIENT_ACCESSES, (5) RPY_CLIENT_ACCESSES_BY_INDEX, or (6) RPY_MANUAL_LIST command reply to the PKL_ReplyLength function, which triggers an out-of-bounds read or buffer overflow. NOTE: versions 1.27 and 1.28 do not require authentication to exploit.

Related bugs and status

CVE-2012-4502 (Candidate) is related to these bugs:

Bug #1385505: CVE-2012-4503 CVE-2012-4502 Not backported to precise

Summary				In	Importance	Status
	1385505	CVE-2012-4503 CVE-2012-4502 Not backported to precise		chrony (Ubuntu)	Undecided	Expired

See the

CVE page on Mitre.org for more details.

References

MLIST: [chrony-announce] 2013...
MLIST: [oss-security] 2013080...
CONFIRM: http://git.tuxfamily.o...
CONFIRM: https://bugzilla.redha...
DEBIAN: DSA-2760