CVE-2012-4502: Buffer Overflow
First published: Tue Aug 07 2012(Updated: )
In pktlength.c:PKL_CommandLength(), the computation in the REQ_SUBNETS_ACCESSED/REQ_CLIENT_ACCESSES cases can overflow, and PKL_CommandLength can return a negative value. As a result, the subsequent attempt to hash the packet triggers an out-of-bounds read, segmentation fault, and daemon crash. Attacks are possible from IP addresses listed in the cmdallow ACL (restricted to localhost by default) by sending UDP packets to port 323; no additional authentication is required. The length computations in pktlength.c:PKL_ReplyLength() should be guarded against overflow, too.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/chrony | <1.29 | 1.29 |
| Chrony | <=1.28 | |
| Chrony | =1.0 | |
| Chrony | =1.1 | |
| Chrony | =1.18 | |
| Chrony | =1.19 | |
| Chrony | =1.19.99.1 | |
| Chrony | =1.19.99.2 | |
| Chrony | =1.19.99.3 | |
| Chrony | =1.20 | |
| Chrony | =1.21 | |
| Chrony | =1.21-pre1 | |
| Chrony | =1.23 | |
| Chrony | =1.23-pre1 | |
| Chrony | =1.23.1 | |
| Chrony | =1.24 | |
| Chrony | =1.24-pre1 | |
| Chrony | =1.25 | |
| Chrony | =1.25-pre1 | |
| Chrony | =1.25-pre2 | |
| Chrony | =1.26 | |
| Chrony | =1.26-pre1 | |
| Chrony | =1.27 | |
| Chrony | =1.27-pre1 | |
| Chrony | =1.28-pre1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git;a=commitdiff;h=7712455d9aa33d0db0945effaa07e900b85987b1
- http://permalink.gmane.org/gmane.comp.time.chrony.announce/15
- http://seclists.org/oss-sec/2013/q3/332
- http://www.debian.org/security/2013/dsa-2760
- https://bugzilla.redhat.com/show_bug.cgi?id=846392
- https://access.redhat.com/security/cve/CVE-2013-4502
- http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git;a=commitdiff;h=c6fdeeb6bb0b17dc28c19ae492c4a1c498e54ea3
- https://access.redhat.com/security/cve/CVE-2013-4503
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=995375
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=995376
Frequently Asked Questions
What is the severity of CVE-2012-4502?
CVE-2012-4502 is classified as a medium severity vulnerability that can lead to a daemon crash.
How do I fix CVE-2012-4502?
To mitigate CVE-2012-4502, update the Chrony package to version 1.29 or later.
Which software is affected by CVE-2012-4502?
CVE-2012-4502 affects multiple versions of the Chrony software, specifically versions prior to 1.29.
What type of vulnerability is CVE-2012-4502?
CVE-2012-4502 is a vulnerability that involves an overflow leading to an out-of-bounds read and segmentation fault.
What could happen if CVE-2012-4502 is exploited?
Exploiting CVE-2012-4502 can result in a segmentation fault and crash of the Chrony daemon.
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-4502
- agent/software-canonical-lookup
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/tuxfamily
- canonical/chrony
- version/chrony/1.28
- version/chrony/1.0
- version/chrony/1.1
- version/chrony/1.18
- version/chrony/1.19
- version/chrony/1.19.99.1
- version/chrony/1.19.99.2
- version/chrony/1.19.99.3
- version/chrony/1.20
- version/chrony/1.21
- version/chrony/1.21-pre1
- version/chrony/1.23
- version/chrony/1.23-pre1
- version/chrony/1.23.1
- version/chrony/1.24
- version/chrony/1.24-pre1
- version/chrony/1.25
- version/chrony/1.25-pre1
- version/chrony/1.25-pre2
- version/chrony/1.26
- version/chrony/1.26-pre1
- version/chrony/1.27
- version/chrony/1.27-pre1
- version/chrony/1.28-pre1