Bug 1209631 (CVE-2015-1821) - CVE-2015-1821 chrony: Heap out of bound write in address filter
Summary: CVE-2015-1821 chrony: Heap out of bound write in address filter
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2015-1821
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1209633 1209634 1221579
Blocks: 1200382 1210268
Reported: 2015-04-07 20:45 UTC by Kurt Seifried
Modified: 2023-05-12 14:00 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2015-11-20 05:27:26 UTC
Embargoed:


Links
System ID: Red Hat Product Errata RHSA-2015:2241
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: Moderate: chrony security, bug fix, and enhancement update
Last Updated: 2015-11-19 08:59:36 UTC

Description Kurt Seifried 2015-04-07 20:45:21 UTC
Miroslav Lichvar of Red Hat reports:

When NTP or cmdmon access is configured (from chrony.conf or over
authenticated cmdmon) with a subnet size that is not divisible by 4
and address that has nonzero bits in the 4-bit subnet remainder (e.g.
f0::/3), the TableNode array index is calculated incorrectly and it
may write past the array.
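
The index calculation described in the report above, as a simplified model added here; it is not chrony's code and not part of the original bug. The names `chunk_at` and `set_partial`, the 16-entry table per 4-bit chunk, and the sample address are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NBITS 4                    /* address bits consumed per table level */
#define TABLE_SIZE (1u << NBITS)   /* assumed: 16 entries per level */

/* 4-bit chunk of addr starting at bit offset `where` (0 = most significant). */
static unsigned chunk_at(uint32_t addr, unsigned where)
{
    return (addr >> (32 - NBITS - where)) & (TABLE_SIZE - 1);
}

/* Mark the entries covered by the final, partial chunk of addr/prefix_len.
 * align != 0 clears the chunk bits that lie beyond the prefix before indexing.
 * Returns how many indices fell outside the table (each would have been an
 * out-of-bounds write), or -1 if the prefix has no partial chunk. */
static int set_partial(uint8_t table[TABLE_SIZE], uint32_t addr,
                       unsigned prefix_len, int align)
{
    unsigned rem = prefix_len % NBITS;
    if (prefix_len > 32 || rem == 0)
        return -1;

    unsigned n = 1u << (NBITS - rem);   /* entries to set: 1->8, 2->4, 3->2 */
    unsigned start = chunk_at(addr, prefix_len - rem);
    if (align)
        start &= ~(n - 1);              /* hardened: start on an n-aligned index */

    int escaped = 0;
    for (unsigned i = start; i < start + n; i++) {
        if (i >= TABLE_SIZE)
            escaped++;                  /* counted here, never written */
        else
            table[i] = 1;
    }
    return escaped;
}

int main(void)
{
    uint8_t t[TABLE_SIZE];
    uint32_t addr = 0xF0000000u;        /* constructed sample: 240.0.0.0 */
    memset(t, 0, sizeof t);
    printf("/3 unaligned: %d past the table\n", set_partial(t, addr, 3, 0));
    memset(t, 0, sizeof t);
    printf("/3 aligned:   %d past the table\n", set_partial(t, addr, 3, 1));
    return 0;
}
```

With the unaligned start, a /3 prefix whose leading chunk is 0xF covers indices 15 and 16; clearing the bits beyond the prefix moves the range to 14 and 15.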

Comment 1 Kurt Seifried 2015-04-07 20:47:20 UTC
Acknowledgements:

This issue was discovered by Miroslav Lichvár of Red Hat.

Comment 2 Kurt Seifried 2015-04-07 20:49:17 UTC
Created chrony tracking bugs for this issue:

Affects: epel-all [bug 1209633]

Comment 3 Kurt Seifried 2015-04-07 20:51:33 UTC
Created chrony tracking bugs for this issue:

Affects: fedora-all [bug 1209634]

Comment 4 Kurt Seifried 2015-04-08 15:59:20 UTC
This issue was fixed upstream:

http://chrony.tuxfamily.org/News.html

The updated version is available at: 

http://download.tuxfamily.org/chrony/chrony-1.31.1.tar.gz

Comment 5 Fedora Update System 2015-04-22 22:43:00 UTC
chrony-2.0-0.3.pre2.fc22 has been pushed to the Fedora 22 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2015-04-22 22:53:45 UTC
chrony-1.31.1-1.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2015-04-23 19:00:48 UTC
chrony-1.31.1-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2015-04-23 19:02:43 UTC
chrony-1.31.1-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2015-04-24 22:49:59 UTC
chrony-1.31.1-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 errata-xmlrpc 2015-11-19 08:30:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:2241 https://rhn.redhat.com/errata/RHSA-2015-2241.html

