chrony is a client and server for the Network Time Protocol (NTP). This program keeps your computer's clock accurate. It was specially designed to support systems with intermittent Internet connections, but it also works well in permanently connected environments. It can also use hardware reference clocks, the system real-time clock, or manual input as time references.
| Tags | Systems Administration, Time Synchronization |
|---|---|
| Licenses | GPLv2 |
| Operating Systems | Linux, Solaris, FreeBSD, NetBSD |
| Implementation | C |
Recent releases


Release Notes: Support for stronger authentication via NSS or libtomcrypt has been added, reports printed by chronyc have been extended, and other improvements and bugfixes have been made.


Release Notes: Compatibility with Linux kernel 3.0 was added, replying on multi-homed IPv6 hosts was fixed, and other minor bugfixes and improvements were made.


Release Notes: Clock accuracy with NTP sources and reference clocks was improved. Source selection and polling interval adjustment were improved. Delayed server name resolving was added. Many other bug fixes and improvements were made.


Release Notes: Support for reference clocks (SHM, SOCK, PPS drivers), IPv6 support, Linux capabilities support (to drop root privileges), memory locking support on Linux, real-time scheduler support on Linux, leap second support on Linux, and support for editline have been added. There are many bug fixes and improvements.


Release Notes: Support for IPv6 and initial support for reference clocks were added. On Linux, support for the real-time scheduler, memory locking, leap seconds, and Linux capabilities was added. Other bugfixes and improvements were made.
Recent comments
09 Feb 2010 15:56
Chrony 1.24 is now available. It includes the following improvements and
new features:
* Support for reference clocks (SHM, SOCK, PPS drivers)
* IPv6 support
* Linux capabilities support (to drop root privileges)
* Memory locking support on Linux
* Real-time scheduler support on Linux
* Leap second support on Linux
* Support for editline
* Many bug fixes and improvements
This is suitable for production use.
Download the tarball from the "Download" page at
.
09 Feb 2010 15:56
------------------------------------------------------------------------
Chrony Security Advisory jhasler@chrony.tuxfami...
www.chrony.tuxfamily.org
February 04, 2010
------------------------------------------------------------------------
Package : chrony
Vulnerability : denial of service
Problem type : remote
Version-specific: no
CVE IDs : CVE-2010-0292 CVE-2010-0293 CVE-2010-0294
Several vulnerabilities have been discovered in chronyd, the Chrony NTP
server/client. These bugs can be exploited for a remote denial of service.
The Common Vulnerabilities and Exposures project identifies the following
problems:
CVE-2010-0292
chronyd replies to all cmdmon packets from unauthorized hosts with a
NOHOSTACCESS message. This can be used to create a loop between two chrony
daemons which don't allow cmdmon access from each other by sending a packet
with a spoofed source address and port. This will cause high CPU, network and
syslog usage.
FIX: Don't reply to invalid cmdmon packets
CVE-2010-0293
The client logging facility doesn't limit the memory which is used to keep
information about clients. If chronyd is configured to allow access
from a large IP address range, an attacker can cause chronyd to
allocate a large amount of memory by sending NTP or cmdmon packets with
spoofed source addresses. By default only 127.0.0.1 is allowed.
FIX: Limit client log memory size
CVE-2010-0294
There are several ways that an attacker can make chronyd log messages and
possibly fill up disk space. The rate for these messages should be limited.
FIX: Limit rate of syslog messages
These bugs have been fixed in the new Chrony 1.24 release and in Chrony
1.23.1, both available for download at www.chrony.tuxfamily.org.
Patches are available from the Git repository on the Web site.
We recommend that you upgrade your Chrony package to version 1.24. If you
cannot upgrade because you need compatibility with the old cmdmon protocol,
upgrade to 1.23.1. Upgrade via your distribution's repositories if
possible: they should have patched versions available shortly.
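
The mitigation the advisory names for CVE-2010-0293 ("Limit client log memory size"), shown as an added example that is not part of the advisory and is not chrony's code. The cap of 256 records, the eviction policy (overwrite the least recently seen record) and all struct and function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#define CLIENT_LOG_MAX 256  /* assumed cap; the advisory does not state chrony's limit */

struct client_rec {
    uint32_t addr;       /* IPv4 source address, host byte order */
    uint32_t hits;       /* packets counted for this source */
    uint64_t last_seen;  /* time of the most recent packet */
};

struct client_log {
    struct client_rec recs[CLIENT_LOG_MAX];  /* fixed storage: never grows */
    size_t used;
    uint64_t evictions;  /* worth exporting as a flood indicator */
};

/* Count one packet from addr and return its hit count (linear scan for brevity). */
uint32_t client_log_hit(struct client_log *cl, uint32_t addr, uint64_t now)
{
    size_t i, victim = 0;
    for (i = 0; i < cl->used; i++) {
        if (cl->recs[i].addr == addr) {
            cl->recs[i].last_seen = now;
            return ++cl->recs[i].hits;
        }
        if (cl->recs[i].last_seen < cl->recs[victim].last_seen)
            victim = i;  /* remember the least recently seen record */
    }
    if (cl->used < CLIENT_LOG_MAX)
        victim = cl->used++;   /* free slot available */
    else
        cl->evictions++;       /* full: overwrite the oldest record */
    cl->recs[victim] = (struct client_rec){ addr, 1, now };
    return 1;
}

/* Constructed input: n packets, each from a different source; returns records held. */
size_t simulate_distinct_sources(struct client_log *cl, uint32_t n, uint64_t start)
{
    for (uint32_t i = 0; i < n; i++)
        client_log_hit(cl, 0x0A000000u + i, start + i);
    return cl->used;
}

int main(void)
{
    static struct client_log cl;  /* zero-initialised */
    return simulate_distinct_sources(&cl, 10000, 1) == CLIENT_LOG_MAX ? 0 : 1;
}
```

With a fixed table, a flood of distinct source addresses costs per-client history instead of memory: records for legitimate clients are evicted along with the rest, so a rising eviction count is the signal to watch.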