CVE-2015-1822

Impact: Moderate
Public Date: 2015-04-07
CWE: CWE-456
Bugzilla: 1209632: CVE-2015-1822 chrony: uninitialized pointer in cmdmon reply slots

An uninitialized pointer use flaw was found when allocating memory to save unacknowledged replies to authenticated command requests. An attacker that has the command key and is allowed to access cmdmon (only localhost is allowed by default) could use this flaw to crash chronyd or, possibly, execute arbitrary code with the privileges of the chronyd process.
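
Because the flaw is reachable only by a client that is allowed to access cmdmon, and only localhost is allowed by default, a useful check is whether a host's chrony.conf widens that access. The Python below is an added example, not code from this advisory or from the chrony project; `cmdallow`, `bindcmdaddress` and `cmdport` are chronyd configuration directives that this page does not itself name, and the sample configuration is constructed.

```python
import ipaddress

COMMENT_CHARS = "!;#%"  # chrony.conf comment markers (first character of a line)

# Constructed sample configuration, not taken from any real host.
SAMPLE_CONF = """\
# constructed sample
server ntp.example.net iburst
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
cmdallow 127.0.0.1
cmdallow 192.0.2.0/24
cmdallow all
"""

def _is_loopback(spec):
    """True if an address or subnet lies wholly inside loopback space."""
    try:
        net = ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return False  # hostname or partial address: treat as non-local
    loop = "127.0.0.0/8" if net.version == 4 else "::1/128"
    return net.subnet_of(ipaddress.ip_network(loop))

def audit_cmdmon(conf_text):
    """Collect directives that open cmdmon to more than localhost."""
    result = {"cmdport_disabled": False, "remote_cmdallow": [], "nonlocal_bind": []}
    for raw in conf_text.splitlines():
        words = raw.split()
        if not words or words[0][0] in COMMENT_CHARS:
            continue
        directive, args = words[0].lower(), words[1:]
        if directive == "cmdport" and args == ["0"]:
            result["cmdport_disabled"] = True  # command port closed entirely
        elif directive == "cmdallow":
            # Forms: "cmdallow", "cmdallow all", "cmdallow [all] <subnet>"
            subnets = [a for a in args if a.lower() != "all"]
            target = subnets[0] if subnets else "any"
            if target == "any" or not _is_loopback(target):
                result["remote_cmdallow"].append(target)
        elif directive == "bindcmdaddress" and args and not args[0].startswith("/"):
            # A leading "/" is a Unix socket path, which is local by nature.
            if not _is_loopback(args[0]):
                result["nonlocal_bind"].append(args[0])
    return result

def exposed(result):
    """Conservative verdict: cmddeny rules are not evaluated."""
    return not result["cmdport_disabled"] and bool(result["remote_cmdallow"])
```

A host flagged here still needs the fixed package; the check only shows which systems accept command requests from beyond localhost.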

Find out more about CVE-2015-1822 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score: 6
Base Metrics: AV:N/AC:M/Au:S/C:P/I:P/A:P
Access Vector: Network
Access Complexity: Medium
Authentication: Single
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform: Red Hat Enterprise Linux 7 (chrony)
Errata: RHSA-2015:2241
Release Date: 2015-11-19

Acknowledgements

This issue was discovered by Miroslav Lichvár of Red Hat.
