Lucene search
AmazonALAS-2018-940HistoryJan 04, 2018 - 7:38 p.m.
Medium: collectd
2018-01-0419:38:00
alas.aws.amazon.com
21
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.009 Low
EPSS
Percentile
82.4%
Issue Overview:
Double free in csnmp_read_table function in snmp.c:
The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact). (CVE-2017-16820)
Affected Packages:
collectd
Issue Correction:
Run yum update collectd to update your system.
New Packages:
i686:
collectd-chrony-5.8.0-2.19.amzn1.i686
collectd-web-5.8.0-2.19.amzn1.i686
collectd-generic-jmx-5.8.0-2.19.amzn1.i686
collectd-postgresql-5.8.0-2.19.amzn1.i686
collectd-dns-5.8.0-2.19.amzn1.i686
collectd-write_http-5.8.0-2.19.amzn1.i686
collectd-drbd-5.8.0-2.19.amzn1.i686
collectd-varnish-5.8.0-2.19.amzn1.i686
collectd-lua-5.8.0-2.19.amzn1.i686
collectd-email-5.8.0-2.19.amzn1.i686
collectd-synproxy-5.8.0-2.19.amzn1.i686
collectd-ipvs-5.8.0-2.19.amzn1.i686
collectd-write_tsdb-5.8.0-2.19.amzn1.i686
collectd-debuginfo-5.8.0-2.19.amzn1.i686
collectd-utils-5.8.0-2.19.amzn1.i686
collectd-rrdtool-5.8.0-2.19.amzn1.i686
collectd-gmond-5.8.0-2.19.amzn1.i686
libcollectdclient-devel-5.8.0-2.19.amzn1.i686
libcollectdclient-5.8.0-2.19.amzn1.i686
collectd-ipmi-5.8.0-2.19.amzn1.i686
collectd-notify_email-5.8.0-2.19.amzn1.i686
collectd-netlink-5.8.0-2.19.amzn1.i686
collectd-mysql-5.8.0-2.19.amzn1.i686
collectd-bind-5.8.0-2.19.amzn1.i686
collectd-dbi-5.8.0-2.19.amzn1.i686
collectd-amqp-5.8.0-2.19.amzn1.i686
collectd-snmp_agent-5.8.0-2.19.amzn1.i686
collectd-curl_xml-5.8.0-2.19.amzn1.i686
collectd-disk-5.8.0-2.19.amzn1.i686
collectd-apache-5.8.0-2.19.amzn1.i686
collectd-iptables-5.8.0-2.19.amzn1.i686
collectd-hugepages-5.8.0-2.19.amzn1.i686
collectd-java-5.8.0-2.19.amzn1.i686
collectd-python-5.8.0-2.19.amzn1.i686
collectd-5.8.0-2.19.amzn1.i686
collectd-snmp-5.8.0-2.19.amzn1.i686
collectd-openldap-5.8.0-2.19.amzn1.i686
collectd-write_sensu-5.8.0-2.19.amzn1.i686
collectd-mcelog-5.8.0-2.19.amzn1.i686
collectd-lvm-5.8.0-2.19.amzn1.i686
collectd-curl-5.8.0-2.19.amzn1.i686
perl-Collectd-5.8.0-2.19.amzn1.i686
collectd-zookeeper-5.8.0-2.19.amzn1.i686
collectd-rrdcached-5.8.0-2.19.amzn1.i686
collectd-nginx-5.8.0-2.19.amzn1.i686
collectd-memcachec-5.8.0-2.19.amzn1.i686
src:
collectd-5.8.0-2.19.amzn1.src
x86_64:
collectd-disk-5.8.0-2.19.amzn1.x86_64
collectd-curl_xml-5.8.0-2.19.amzn1.x86_64
collectd-mcelog-5.8.0-2.19.amzn1.x86_64
collectd-generic-jmx-5.8.0-2.19.amzn1.x86_64
collectd-zookeeper-5.8.0-2.19.amzn1.x86_64
collectd-mysql-5.8.0-2.19.amzn1.x86_64
collectd-lua-5.8.0-2.19.amzn1.x86_64
collectd-hugepages-5.8.0-2.19.amzn1.x86_64
collectd-apache-5.8.0-2.19.amzn1.x86_64
collectd-dbi-5.8.0-2.19.amzn1.x86_64
collectd-debuginfo-5.8.0-2.19.amzn1.x86_64
collectd-rrdtool-5.8.0-2.19.amzn1.x86_64
collectd-iptables-5.8.0-2.19.amzn1.x86_64
collectd-chrony-5.8.0-2.19.amzn1.x86_64
collectd-email-5.8.0-2.19.amzn1.x86_64
libcollectdclient-devel-5.8.0-2.19.amzn1.x86_64
collectd-varnish-5.8.0-2.19.amzn1.x86_64
collectd-utils-5.8.0-2.19.amzn1.x86_64
collectd-amqp-5.8.0-2.19.amzn1.x86_64
collectd-write_sensu-5.8.0-2.19.amzn1.x86_64
collectd-python-5.8.0-2.19.amzn1.x86_64
collectd-gmond-5.8.0-2.19.amzn1.x86_64
collectd-snmp_agent-5.8.0-2.19.amzn1.x86_64
collectd-lvm-5.8.0-2.19.amzn1.x86_64
collectd-openldap-5.8.0-2.19.amzn1.x86_64
collectd-drbd-5.8.0-2.19.amzn1.x86_64
collectd-dns-5.8.0-2.19.amzn1.x86_64
collectd-bind-5.8.0-2.19.amzn1.x86_64
collectd-java-5.8.0-2.19.amzn1.x86_64
collectd-5.8.0-2.19.amzn1.x86_64
collectd-rrdcached-5.8.0-2.19.amzn1.x86_64
collectd-netlink-5.8.0-2.19.amzn1.x86_64
collectd-ipvs-5.8.0-2.19.amzn1.x86_64
collectd-memcachec-5.8.0-2.19.amzn1.x86_64
collectd-postgresql-5.8.0-2.19.amzn1.x86_64
perl-Collectd-5.8.0-2.19.amzn1.x86_64
collectd-synproxy-5.8.0-2.19.amzn1.x86_64
collectd-ipmi-5.8.0-2.19.amzn1.x86_64
collectd-notify_email-5.8.0-2.19.amzn1.x86_64
collectd-write_tsdb-5.8.0-2.19.amzn1.x86_64
collectd-web-5.8.0-2.19.amzn1.x86_64
collectd-snmp-5.8.0-2.19.amzn1.x86_64
libcollectdclient-5.8.0-2.19.amzn1.x86_64
collectd-nginx-5.8.0-2.19.amzn1.x86_64
collectd-write_http-5.8.0-2.19.amzn1.x86_64
collectd-curl-5.8.0-2.19.amzn1.x86_64
Additional References
Red Hat: CVE-2017-16820
Mitre: CVE-2017-16820
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | collectd-chrony | < 5.8.0-2.19.amzn1 | collectd-chrony-5.8.0-2.19.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | collectd-web | < 5.8.0-2.19.amzn1 | collectd-web-5.8.0-2.19.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | collectd-generic-jmx | < 5.8.0-2.19.amzn1 | collectd-generic-jmx-5.8.0-2.19.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | collectd-postgresql | < 5.8.0-2.19.amzn1 | collectd-postgresql-5.8.0-2.19.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | collectd-dns | < 5.8.0-2.19.amzn1 | collectd-dns-5.8.0-2.19.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | collectd-write_http | < 5.8.0-2.19.amzn1 | collectd-write_http-5.8.0-2.19.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | collectd-drbd | < 5.8.0-2.19.amzn1 | collectd-drbd-5.8.0-2.19.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | collectd-varnish | < 5.8.0-2.19.amzn1 | collectd-varnish-5.8.0-2.19.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | collectd-lua | < 5.8.0-2.19.amzn1 | collectd-lua-5.8.0-2.19.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | collectd-email | < 5.8.0-2.19.amzn1 | collectd-email-5.8.0-2.19.amzn1.i686.rpm |
Related
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:20:32
openvas
openvas
Fedora Update for collectd FEDORA-2017-f47206eae4
2017-12-10 00:00:00
Fedora Update for collectd FEDORA-2017-d7ab32cc23
2017-12-09 00:00:00
Fedora Update for collectd FEDORA-2017-f9cfcef9d6
2017-12-10 00:00:00
alpinelinux
alpinelinux
CVE-2017-16820
2017-11-14 21:29:00
osv
osv
CVE-2017-16820
2017-11-14 21:29:00
collectd vulnerabilities
2021-03-15 21:14:39
fedora
fedora
[SECURITY] Fedora 27 Update: collectd-5.8.0-2.fc27
2017-12-10 05:11:27
[SECURITY] Fedora 26 Update: collectd-5.8.0-2.fc26
2017-12-09 22:30:20
[SECURITY] Fedora 25 Update: collectd-5.8.0-2.fc25
2017-12-09 04:58:59
redhat
redhat
(RHSA-2018:0252) Moderate: collectd security update
2018-01-30 20:54:49
(RHSA-2018:1605) Moderate: collectd security update
2018-05-17 15:15:29
redhatcve
redhatcve
CVE-2017-16820
2017-11-22 16:19:46
nessus
nessus
Fedora 27 : collectd (2017-f47206eae4)
2018-01-15 00:00:00
RHEL 7 : collectd (RHSA-2018:0560)
2018-03-28 00:00:00
Fedora 25 : collectd (2017-d7ab32cc23)
2017-12-11 00:00:00
prion
prion
Double free
2017-11-14 21:29:00
debiancve
debiancve
CVE-2017-16820
2017-11-14 21:29:00
ubuntucve
ubuntucve
CVE-2017-16820
2017-11-14 00:00:00
cve
cve
CVE-2017-16820
2017-11-14 21:29:00
gentoo
gentoo
collectd: Multiple vulnerabilities
2018-03-22 00:00:00
ubuntu
ubuntu
collectd vulnerabilities
2021-03-15 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.009 Low
EPSS
Percentile
82.4%
Related for ALAS-2018-940