Lucene search
This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.DEBIAN_DLA-884.NASLHistoryApr 05, 2017 - 12:00 a.m.
Debian DLA-884-1 : collectd security update
2017-04-0500:00:00
This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.
www.tenable.com
7
It was discovered that there was an infinite loop vulnerability in collectd, a statistics collection and monitoring daemon.
When a correct ‘Signature part’ is received by an instance configured without the AuthFile option, an endless loop occurs in the parse_packet routine due to a missing pointer increment to the next unprocessed part.
For Debian 7 ‘Wheezy’, this issue has been fixed in collectd version 5.1.0-3+deb7u3.
We recommend that you upgrade your collectd packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-884-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(99189);
script_version("3.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2017-7401");
script_name(english:"Debian DLA-884-1 : collectd security update");
script_summary(english:"Checks dpkg output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"It was discovered that there was an infinite loop vulnerability in
collectd, a statistics collection and monitoring daemon.
When a correct 'Signature part' is received by an instance configured
without the AuthFile option, an endless loop occurs in the
parse_packet routine due to a missing pointer increment to the next
unprocessed part.
For Debian 7 'Wheezy', this issue has been fixed in collectd version
5.1.0-3+deb7u3.
We recommend that you upgrade your collectd packages.
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.debian.org/debian-lts-announce/2017/04/msg00003.html"
);
script_set_attribute(
attribute:"see_also",
value:"https://packages.debian.org/source/wheezy/collectd"
);
script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:collectd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:collectd-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:collectd-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:collectd-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:collectd-utils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcollectdclient-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcollectdclient0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
script_set_attribute(attribute:"patch_publication_date", value:"2017/04/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/05");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"7.0", prefix:"collectd", reference:"5.1.0-3+deb7u3")) flag++;
if (deb_check(release:"7.0", prefix:"collectd-core", reference:"5.1.0-3+deb7u3")) flag++;
if (deb_check(release:"7.0", prefix:"collectd-dbg", reference:"5.1.0-3+deb7u3")) flag++;
if (deb_check(release:"7.0", prefix:"collectd-dev", reference:"5.1.0-3+deb7u3")) flag++;
if (deb_check(release:"7.0", prefix:"collectd-utils", reference:"5.1.0-3+deb7u3")) flag++;
if (deb_check(release:"7.0", prefix:"libcollectdclient-dev", reference:"5.1.0-3+deb7u3")) flag++;
if (deb_check(release:"7.0", prefix:"libcollectdclient0", reference:"5.1.0-3+deb7u3")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | collectd | p-cpe:/a:debian:debian_linux:collectd |
| debian | debian_linux | collectd-core | p-cpe:/a:debian:debian_linux:collectd-core |
| debian | debian_linux | collectd-dbg | p-cpe:/a:debian:debian_linux:collectd-dbg |
| debian | debian_linux | collectd-dev | p-cpe:/a:debian:debian_linux:collectd-dev |
| debian | debian_linux | collectd-utils | p-cpe:/a:debian:debian_linux:collectd-utils |
| debian | debian_linux | libcollectdclient-dev | p-cpe:/a:debian:debian_linux:libcollectdclient-dev |
| debian | debian_linux | libcollectdclient0 | p-cpe:/a:debian:debian_linux:libcollectdclient0 |
| debian | debian_linux | 7.0 | cpe:/o:debian:debian_linux:7.0 |
Related
fedora
fedora
[SECURITY] Fedora 25 Update: collectd-5.7.1-3.fc25
2017-04-25 02:26:29
[SECURITY] Fedora 24 Update: collectd-5.6.2-1.fc24
2017-04-25 17:24:29
[SECURITY] Fedora 26 Update: collectd-5.7.1-3.fc26
2017-04-19 17:02:48
osv
osv
collectd - security update
2017-04-04 00:00:00
CVE-2017-7401
2017-04-03 14:59:00
collectd vulnerabilities
2021-03-15 21:14:39
redhat
redhat
(RHSA-2017:1787) Moderate: collectd security update
2017-07-19 22:32:11
(RHSA-2018:2615) Moderate: collectd security update
2018-09-04 06:28:01
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:17:26
openvas
openvas
Debian LTS: Security Advisory for collectd (DLA-884-1)
2018-01-17 00:00:00
Fedora Update for collectd FEDORA-2017-6b639afc9c
2017-04-26 00:00:00
Fedora Update for collectd FEDORA-2017-80763c8c03
2017-04-25 00:00:00
nessus
nessus
FreeBSD : collectd5 -- Denial of service by sending a signed network packet to a server which is not set up to check signatures (08a2df48-6c6a-11e7-9b01-2047478f2f70)
2017-07-20 00:00:00
RHEL 7 : collectd (RHSA-2017:1285)
2017-05-26 00:00:00
Amazon Linux AMI : collectd (ALAS-2017-829)
2017-05-19 00:00:00
prion
prion
Code injection
2017-04-03 14:59:00
debian
debian
[SECURITY] [DLA 884-1] collectd security update
2017-04-04 15:23:57
debiancve
debiancve
CVE-2017-7401
2017-04-03 14:59:00
ubuntucve
ubuntucve
CVE-2017-7401
2017-04-03 00:00:00
freebsd
freebsd
cve
cve
CVE-2017-7401
2017-04-03 14:59:00
alpinelinux
alpinelinux
CVE-2017-7401
2017-04-03 14:59:00
amazon
amazon
Medium: collectd
2017-05-18 18:58:00
ubuntu
ubuntu
collectd vulnerabilities
2021-03-15 00:00:00
Related for DEBIAN_DLA-884.NASL