CVE-2020-14367 : Vulnerability Insights and Analysis

A flaw in Chrony versions before 3.5.1 allows an attacker to create a symlink with the default PID file name, leading to data loss and denial of service due to path traversal.

Understanding CVE-2020-14367

This CVE involves a vulnerability in Chrony versions before 3.5.1 that can be exploited by attackers with privileged access.

What is CVE-2020-14367?

The vulnerability occurs during the creation of the PID file under the /var/run/chrony folder in Chrony versions before 3.5.1.
Attackers can create a symbolic link with the default PID file name, pointing to any system file, resulting in data loss and denial of service.

The Impact of CVE-2020-14367

Attackers with privileged access can exploit this vulnerability to manipulate the PID file, potentially causing data loss and denial of service on the system.

Technical Details of CVE-2020-14367

This section provides more technical insights into the vulnerability.

Vulnerability Description

Chrony versions before 3.5.1 do not check for existing symbolic links with the same file name when creating the PID file, allowing attackers to create malicious symlinks.

Affected Systems and Versions

Product: Chrony
Vendor: n/a
Versions Affected: All Chrony versions before 3.5.1

Exploitation Mechanism

Attackers exploit the flaw during the startup of chronyd while running as the root user, creating a symlink with the default PID file name.

Mitigation and Prevention

Protecting systems from CVE-2020-14367 requires immediate actions and long-term security practices.

Immediate Steps to Take

Update Chrony to version 3.5.1 or later to mitigate the vulnerability.
Monitor system logs for any suspicious symlink creations.

Long-Term Security Practices

Implement the principle of least privilege to restrict access levels.
Regularly audit and review file permissions and symbolic links on the system.

Patching and Updates

Apply patches and updates provided by Chrony to address the vulnerability.