Bug 1439674 (CVE-2017-7401) - CVE-2017-7401 collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions
Summary: CVE-2017-7401 collectd: Infinite loop due to incorrect interaction of parse_p...
Status: CLOSED ERRATA
Alias: CVE-2017-7401
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20170213,repor...
Keywords: Security
Depends On: 1439686 1439687 1439688 1449363 1460079 1460080 1460083 1558830
Blocks: 1439681
TreeView+ depends on / blocked
 
Reported: 2017-04-06 11:55 UTC by Andrej Nemec
Modified: 2019-06-08 21:54 UTC (History)
46 users (show)

(edit)
collectd contains an infinite loop due to how the parse_packet() and parse_part_sign_sha256() functions interact. If an instance of collectd is configured with "SecurityLevel None" and empty "AuthFile" options, an attacker can send crafted UDP packets that trigger the infinite loop, causing a denial of service.
Clone Of:
(edit)
Last Closed: 2017-12-07 05:42:26 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:1285 normal SHIPPED_LIVE Moderate: collectd security, bug fix, and enhancement update 2017-05-24 15:19:15 UTC
Red Hat Product Errata RHSA-2017:1787 normal SHIPPED_LIVE Moderate: collectd security update 2017-07-20 02:42:22 UTC
Red Hat Product Errata RHSA-2018:2615 None None None 2018-09-04 06:38 UTC

Description Andrej Nemec 2017-04-06 11:55:38 UTC
Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with "SecurityLevel None" and with empty "AuthFile" options) via a crafted UDP packet.

Upstream bug:

https://github.com/collectd/collectd/issues/2174

Comment 1 Andrej Nemec 2017-04-06 12:00:36 UTC
Created collectd tracking bugs for this issue:

Affects: epel-6 [bug 1439687]
Affects: epel-7 [bug 1439686]
Affects: fedora-all [bug 1439688]


Created puppet-collectd tracking bugs for this issue:

Affects: openstack-rdo [bug 1439689]

Comment 3 Matthias Runge 2017-04-27 12:07:29 UTC
can we please get a tracking bug for collectd in osp optools? I've already built it on CentOS Opstools SIG

https://github.com/centos-opstools/collectd/commit/cfb313abc992b3139fbc740c38311b3fde1d5707
and http://cbs.centos.org/koji/buildinfo?buildID=17012

Comment 4 Sandro Bonazzola 2017-04-28 06:32:31 UTC
Bronce, https://mojo.redhat.com/docs/DOC-1100973 is not complete, missing the Build Strategy. https://errata.devel.redhat.com/advisory/25569 is not marked as multi product errata so we need a tracking bug for RHV 4.1 as well.

Comment 5 Sandro Bonazzola 2017-04-28 13:10:31 UTC
Here's the errata for collectd to be shipped in 4.1.z: https://errata.devel.redhat.com/advisory/28330
Build:
collectd-5.7.1-3.el7 ready on Tag: rhlog-1.0-rhel-7-candidate
it required also:
riemann-c-client-1.6.1-4.el7 ready on Tag: rhlog-1.0-rhel-7-candidate

Comment 7 errata-xmlrpc 2017-05-24 11:25:49 UTC
This issue has been addressed in the following products:

  RHEV Engine version 4.1
  RHEV 4.X RHEV-H and Agents for RHEL-7

Via RHSA-2017:1285 https://access.redhat.com/errata/RHSA-2017:1285

Comment 12 errata-xmlrpc 2017-07-19 22:43:11 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 11.0 Operational Tools for RHEL 7

Via RHSA-2017:1787 https://access.redhat.com/errata/RHSA-2017:1787

Comment 16 errata-xmlrpc 2018-09-04 06:38:34 UTC
This issue has been addressed in the following products:

  Red Hat Gluster Storage 3.4 for RHEL 7

Via RHSA-2018:2615 https://access.redhat.com/errata/RHSA-2018:2615


Note You need to log in before you can comment on or make changes to this bug.