Vulnerabilities > CVE-2010-4336 - Resource Management Errors vulnerability in Collectd

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
collectd
CWE-399
nessus

Summary

The cu_rrd_create_file function (src/utils_rrdcreate.c) in collectd 4.x before 4.9.4 and 4.10.x before 4.10.2 allows remote attackers to cause a denial of service (assertion failure) via a packet with a timestamp whose value is 10 or less, as demonstrated by creating RRD files using the (1) RRDtool and (2) RRDCacheD plugins.

Vulnerable Configurations

Part Description Count
Application
Collectd
65

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-2133.NASL
    description: It was discovered that collectd, a statistics collection and monitoring daemon, is prone to a denial of service attack via a crafted network packet.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 51181
    published: 2010-12-15
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/51181
    title: Debian DSA-2133-1 : collectd - denial of service
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2133. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    # Plugin registration for Debian advisory DSA-2133 (collectd, CVE-2010-4336).
    # This branch runs only when `description` is set and ends with exit(0), so the
    # host checks further down the script are not executed from here.
    if (description)
    {
      script_id(51181);
      script_version("1.10");
      script_cvs_date("Date: 2019/08/02 13:32:23");
    
      # Cross-references for correlating a finding: CVE, Bugtraq ID and the DSA number.
      script_cve_id("CVE-2010-4336");
      script_bugtraq_id(45075);
      script_xref(name:"DSA", value:"2133");
    
      script_name(english:"Debian DSA-2133-1 : collectd - denial of service");
      # The verdict is derived from dpkg output, i.e. from installed package versions.
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that collectd, a statistics collection and
    monitoring daemon, is prone to a denial of service attack via a
    crafted network packet."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605092"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2010/dsa-2133"
      );
      # Remediation text copied from the advisory. The fixed version named here,
      # 4.4.2-3+lenny1, is the same reference the deb_check() calls in the check
      # section compare against. The architecture remark is advisory wording only;
      # the deb_check() calls in this script pass no architecture argument.
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the collectd packages.
    
    For the stable distribution (lenny), this problem has been fixed in
    version 4.4.2-3+lenny1.
    
    This advisory only contains the packages for the alpha, amd64, arm,
    armel, hppa, i386, ia64, mips, powerpc, s390 and sparc architectures.
    The packages for the mipsel architecture will be released soon."
      );
      # CVSS v2 base vector: network attack vector, low complexity, no authentication,
      # no confidentiality or integrity impact, partial availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      # CVSS v2 temporal vector: exploitability unproven (E:U), official fix
      # available (RL:OF), report confirmed (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local" plugin: it evaluates package data gathered from the host rather than
      # sending traffic to collectd, so a finding reflects the installed version only.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:collectd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/12/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/12/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      # Runs after ssh_get_info.nasl and needs the three Host/* knowledge-base items
      # listed below; the check section tests the same three items again before it
      # looks at any package.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    # Preconditions: local checks are enabled, a Debian release string was recorded,
    # and a dpkg package list was collected. Each failed precondition is handed to
    # audit() with the matching reason code.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release"))
      audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Compare every collectd binary package for Debian 5.0 against the fixed build
    # 4.4.2-3+lenny1; each package that deb_check() flags bumps the counter.
    flag = 0;
    foreach pkg_name (make_list("collectd", "collectd-dbg", "collectd-dev"))
    {
      if (deb_check(release:"5.0", prefix:pkg_name, reference:"4.4.2-3+lenny1")) flag++;
    }
    
    # Nothing flagged: record the host as not affected.
    if (!flag) audit(AUDIT_HOST_NOT, "affected");
    
    # At least one package was flagged. This is a package-version finding only; it
    # does not show that collectd is running or receiving network packets on the host.
    # The dpkg comparison details are attached when report verbosity allows it.
    if (report_verbosity > 0)
      security_warning(port:0, extra:deb_report_get());
    else
      security_warning(0);
    exit(0);
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2010-19031.NASL
    description: - Fri Dec 17 2010 Alan Pevec <apevec at redhat.com> 4.9.4-1 - New upstream version 4.9.4 http://collectd.org/news.shtml#news86 - fixes CVE-2010-4336 (rhbz#663799) - Wed Sep 29 2010 jkeating - 4.9.2-1.1 - Rebuilt for gcc bug 634757 - Tue Jun 8 2010 Alan Pevec <apevec at redhat.com> 4.9.2-1 - New upstream version 4.9.2 http://collectd.org/news.shtml#news83 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 51429
    published: 2011-01-07
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/51429
    title: Fedora 14 : collectd-4.9.4-1.fc14 (2010-19031)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2010-19031.
    #
    
    include("compat.inc");
    
    # Plugin registration for Fedora advisory 2010-19031 (collectd 4.9.4-1.fc14,
    # CVE-2010-4336). This branch runs only when `description` is set and ends with
    # exit(0), so the host checks further down the script are not executed from here.
    if (description)
    {
      script_id(51429);
      script_version("1.10");
      script_cvs_date("Date: 2019/08/02 13:32:32");
    
      # Cross-references for correlating a finding: CVE, Bugtraq ID and the Fedora
      # advisory number.
      script_cve_id("CVE-2010-4336");
      script_bugtraq_id(45075);
      script_xref(name:"FEDORA", value:"2010-19031");
    
      script_name(english:"Fedora 14 : collectd-4.9.4-1.fc14 (2010-19031)");
      # The verdict is derived from rpm output, i.e. from installed package versions.
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # The description is the package changelog as extracted from the advisory; the
      # security-relevant entry is the 4.9.4-1 update that fixes CVE-2010-4336.
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Fri Dec 17 2010 Alan Pevec <apevec at redhat.com>
        4.9.4-1
    
        - New upstream version 4.9.4
          http://collectd.org/news.shtml#news86
    
      - fixes CVE-2010-4336 (rhbz#663799)
    
        - Wed Sep 29 2010 jkeating - 4.9.2-1.1
    
        - Rebuilt for gcc bug 634757
    
        - Tue Jun 8 2010 Alan Pevec <apevec at redhat.com>
          4.9.2-1
    
        - New upstream version 4.9.2
          http://collectd.org/news.shtml#news83
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://collectd.org/news.shtml#news83
      script_set_attribute(
        attribute:"see_also",
        value:"https://collectd.org/news.shtml#news83"
      );
      # http://collectd.org/news.shtml#news86
      script_set_attribute(
        attribute:"see_also",
        value:"https://collectd.org/news.shtml#news86"
      );
      # NOTE(review): the changelog text above cites rhbz#663799, while this link
      # points at bug 663797 - confirm which bug tracks CVE-2010-4336.
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=663797"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2011-January/052875.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b288dcc5"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected collectd package."
      );
      # CVSS v2 base vector: network attack vector, low complexity, no authentication,
      # no confidentiality or integrity impact, partial availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      # CVSS v2 temporal vector: exploitability unproven (E:U), official fix
      # available (RL:OF), report confirmed (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local" plugin: it evaluates package data gathered from the host rather than
      # sending traffic to collectd, so a finding reflects the installed version only.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:collectd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/12/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      # Runs after ssh_get_info.nasl and needs the three Host/* knowledge-base items
      # listed below; the check section reads the same three items again before it
      # looks at any package.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Local checks must be enabled before any package data is consulted.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # The recorded release string has to name Fedora, yield a numeric release, and
    # that release has to be 14; anything else is handed to audit() with the reason.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release)
      audit(AUDIT_OS_NOT, "Fedora");
    
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver))
      audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^14([^0-9]|$)", string:os_ver))
      audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver);
    
    # An rpm package list must have been collected from the host.
    if (!get_kb_item("Host/RedHat/rpm-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86_64 and i386-i686 hosts are evaluated; other CPUs are reported as
    # not implemented rather than as unaffected.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
      audit(AUDIT_UNKNOWN_ARCH);
    if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$"))
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # Compare the installed collectd package against the fixed build for Fedora 14.
    flag = 0;
    if (rpm_check(release:"FC14", reference:"collectd-4.9.4-1.fc14"))
      flag++;
    
    # Nothing flagged: say whether collectd was examined and found current, or was
    # not installed at all.
    if (!flag)
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "collectd");
    }
    
    # The package was flagged. This is a package-version finding only; it does not
    # show that collectd is running or receiving network packets on the host.
    # The rpm comparison details are attached when report verbosity allows it.
    if (report_verbosity > 0)
      security_warning(port:0, extra:rpm_report_get());
    else
      security_warning(0);
    exit(0);