CVE-2014-0021 : Chrony before 1.29.1 has traffic amplification in cmdmon protocol

Chrony before 1.29.1 has traffic amplification in cmdmon protocol

Published 2019-11-15 15:15:12

Updated 2020-08-18 15:05:58

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2014-0021

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 19
cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 20
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
Matching versions
Chrony Project » Chrony
Versions before (<) 1.29
cpe:2.3:a:chrony_project:chrony:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-0021

EPSS FAQ

2.37%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 84 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-0021

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

References for CVE-2014-0021

http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128753.html

[SECURITY] Fedora 19 Update: chrony-1.29.1-1.fc19
Mailing List;Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/01/17/9

oss-security - CVE-2014-0021: chrony traffic amplification in cmdmon protocol
Mailing List;Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/90925

Chrony control protocol denial of service CVE-2014-0021 Vulnerability Report
Third Party Advisory;VDB Entry
http://www.openwall.com/lists/oss-security/2014/01/18/1

oss-security - Re: CVE-2014-0021: chrony traffic amplification in cmdmon protocol
Mailing List;Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0021

1054790 – (CVE-2014-0021) CVE-2014-0021 chrony: DDoS via amplification in cmdmon protocol
Issue Tracking;Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/01/18/2

oss-security - Re: CVE-2014-0021: chrony traffic amplification in cmdmon protocol
Mailing List;Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/01/19/1

oss-security - Re: CVE-2014-0021: chrony traffic amplification in cmdmon protocol
Mailing List;Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2014-0021

CVE-2014-0021
Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/01/18/3

oss-security - Re: CVE-2014-0021: chrony traffic amplification in cmdmon protocol
Mailing List;Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127837.html

[SECURITY] Fedora 20 Update: chrony-1.29.1-1.fc20
Mailing List;Third Party Advisory
http://www.securityfocus.com/bid/65035

Malformed Request
Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2014-0021

Products affected by CVE-2014-0021

Exploit prediction scoring system (EPSS) score for CVE-2014-0021

CVSS scores for CVE-2014-0021

References for CVE-2014-0021