Vulnerabilities > CVE-2017-7401 - Infinite Loop vulnerability in Collectd
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with "SecurityLevel None" and with empty "AuthFile" options) via a crafted UDP packet.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_08A2DF486C6A11E79B012047478F2F70.NASL description marcinguy reports : After sending this payload, collectd seems to be entering endless while() loop in packet_parse consuming high CPU resources, possibly crash/gets killed after a while. last seen 2020-06-01 modified 2020-06-02 plugin id 101826 published 2017-07-20 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101826 title FreeBSD : collectd5 -- Denial of service by sending a signed network packet to a server which is not set up to check signatures (08a2df48-6c6a-11e7-9b01-2047478f2f70) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2017-1285.NASL description An update for collectd is now available for RHEV 4.X RHEV-H and Agents for RHEL-7 and RHEV Engine version 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. collectd is a small C-language daemon, which reads various system metrics periodically and updates RRD files (creating them if necessary). Because the daemon does not start up each time it updates files, it has a low system footprint. The following packages have been upgraded to a newer upstream version: collectd (5.7.1). (BZ#1446472) Security Fix(es) : * collectd contains an infinite loop due to how the parse_packet() and parse_part_sign_sha256() functions interact. If an instance of collectd is configured with last seen 2020-06-01 modified 2020-06-02 plugin id 100454 published 2017-05-26 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100454 title RHEL 7 : collectd (RHSA-2017:1285) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-2615.NASL description An update for collectd is now available for Red Hat Gluster Storage 3.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. collectd is a host-based system statistics collection daemon that gathers metrics from various sources periodically, such as the operating system, applications, log files and devices, and storage clusters. As the daemon does not start up each time it updates files, it has a low system footprint. For Red Hat Gluster Storage Web Administration 3.4, collectd service is responsible for gathering metrics from Red Hat Gluster Storage clusters. The updated collectd package includes the following security bug fixes. Security Fix(es) : * collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions (CVE-2017-7401) * collectd: double free in csnmp_read_table function in snmp.c (CVE-2017-16820) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. This updated package contains a number of bug fixes and enhancements, which are documented in detail in the Release Notes, linked in the References. All users of collectd are advised to upgrade to these updated packages, which resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 117321 published 2018-09-06 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117321 title RHEL 7 : Storage Server (RHSA-2018:2615) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2017-829.NASL description Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions : Collectd contains an infinite loop due to how the parse_packet() and parse_part_sign_sha256() functions interact. If an instance of collectd is configured with last seen 2020-06-01 modified 2020-06-02 plugin id 100274 published 2017-05-19 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/100274 title Amazon Linux AMI : collectd (ALAS-2017-829) NASL family Fedora Local Security Checks NASL id FEDORA_2017-6B639AFC9C.NASL description Fix CVE-2017-7401 collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions. This is a bug in the network plugin. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-04-26 plugin id 99678 published 2017-04-26 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99678 title Fedora 24 : collectd (2017-6b639afc9c) NASL family Fedora Local Security Checks NASL id FEDORA_2017-822D460AE2.NASL description Fix CVE-2017-7401 collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions. This is a bug in the network plugin. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-07-17 plugin id 101671 published 2017-07-17 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101671 title Fedora 26 : collectd (2017-822d460ae2) NASL family Fedora Local Security Checks NASL id FEDORA_2017-80763C8C03.NASL description Fix CVE-2017-7401 collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions. This is a bug in the network plugin. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-04-25 plugin id 99644 published 2017-04-25 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99644 title Fedora 25 : collectd (2017-80763c8c03) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-884.NASL description It was discovered that there was an infinite loop vulnerability in collectd, a statistics collection and monitoring daemon. When a correct last seen 2020-03-17 modified 2017-04-05 plugin id 99189 published 2017-04-05 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/99189 title Debian DLA-884-1 : collectd security update
Redhat
advisories |
| ||||||||||||
rpms |
|
References
- http://www.securityfocus.com/bid/97321
- http://www.securityfocus.com/bid/97321
- https://access.redhat.com/errata/RHSA-2017:1285
- https://access.redhat.com/errata/RHSA-2017:1285
- https://access.redhat.com/errata/RHSA-2017:1787
- https://access.redhat.com/errata/RHSA-2017:1787
- https://access.redhat.com/errata/RHSA-2018:2615
- https://access.redhat.com/errata/RHSA-2018:2615
- https://github.com/collectd/collectd/issues/2174
- https://github.com/collectd/collectd/issues/2174