Tuxfamily Chrony 2.1.1

CPE Details

Tuxfamily Chrony 2.1.1
tuxfamily
chrony
2.1.1
2016-01-27
23h32 +00:00
2016-01-27
23h32 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:tuxfamily:chrony:2.1.1:*:*:*:*:*:*:*

Informations

Vendor

tuxfamily

Product

chrony

Version

2.1.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-14367 2020-08-24 12h07 +00:00 A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal.
6
Medium
CVE-2016-1567 2016-01-26 18h00 +00:00 chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
8.1
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.