Vulnerability CVE-2010-4336


Published: 2010-12-17   Modified: 2012-02-13

Description:
The cu_rrd_create_file function (src/utils_rrdcreate.c) in collectd 4.x before 4.9.4 and before 4.10.2 allows remote attackers to cause a denial of service (assertion failure) via a packet with a timestamp whose value is 10 or less, as demonstrated by creating RRD files using the (1) RRDtool and (2) RRDCacheD plugins.

Type: CWE-399 (Resource Management Errors)

Vendor: Collectd
Product: Collectd 
Version:
4.9.3
4.9.2
4.9.1
4.9.0
4.8.5
4.8.4
4.8.3
4.8.2
4.8.1
4.8.0
4.7.5
4.7.4
4.7.3
4.7.2
4.7.1
4.7.0
4.6.5
4.6.4
4.6.3
4.6.2
4.6.1
4.6.0
4.5.4
4.5.3
4.5.2
4.5.1
4.5.0
4.4.5
4.4.4
4.4.3
4.4.2
4.4.1
4.4.0
4.3.4
4.3.3
4.3.2
4.3.1
4.3.0
4.2.7
4.2.6
4.2.5
4.2.4
4.2.3
4.2.2
4.2.1
4.2.0
4.10.1
4.10
4.1.6
4.1.5
4.1.4
4.1.3
4.1.2
4.1.1
4.1.0
4.0.9
4.0.8
4.0.7
4.0.6
4.0.5
4.0.4
4.0.3
4.0.2
4.0.1
4.0.0

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

References:
http://www.vupen.com/english/advisories/2011/0041
http://www.vupen.com/english/advisories/2010/3196
http://www.securityfocus.com/bid/45075
http://www.debian.org/security/2010/dsa-2133
http://secunia.com/advisories/42846
http://secunia.com/advisories/42491
http://secunia.com/advisories/42393
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052875.html
http://collectd.org/news.shtml#news86
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605092

Related CVE
CVE-2017-18240
The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownership of PID file directory to the collectd account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a ...
CVE-2017-16820
The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact).
CVE-2017-7401
Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with "SecurityLevel ...
CVE-2016-6254
Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet.

Copyright 2019, cxsecurity.com

 
