Bug 1439674 - (CVE-2017-7401) CVE-2017-7401 collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Target Release: ---
Assigned To: Red Hat Product Security
Whiteboard: impact=moderate,public=20170213,repor...
Keywords: Security
Depends On: 1439686 1439687 1439688 1449363 1460079 1460080 1460083 1558830
Blocks: 1439681
Reported: 2017-04-06 07:55 EDT by Andrej Nemec
Modified: 2018-09-04 02:38 EDT
CC: 46 users

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
collectd contains an infinite loop due to how the parse_packet() and parse_part_sign_sha256() functions interact. If an instance of collectd is configured with "SecurityLevel None" and empty "AuthFile" options, an attacker can send crafted UDP packets that trigger the infinite loop, causing a denial of service.
Last Closed: 2017-12-07 00:42:26 EST
External Trackers
Tracker ID | Priority | Status | Summary | Last Updated
Red Hat Product Errata RHSA-2017:1285 | normal | SHIPPED_LIVE | Moderate: collectd security, bug fix, and enhancement update | 2017-05-24 11:19:15 EDT
Red Hat Product Errata RHSA-2017:1787 | normal | SHIPPED_LIVE | Moderate: collectd security update | 2017-07-19 22:42:22 EDT
Red Hat Product Errata RHSA-2018:2615 | None | None | None | 2018-09-04 02:38 EDT
Description Andrej Nemec 2017-04-06 07:55:38 EDT
Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with "SecurityLevel None" and with empty "AuthFile" options) via a crafted UDP packet.

Upstream bug:

https://github.com/collectd/collectd/issues/2174
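The shape of the bug described above, as an added illustration that is not collectd's network.c and not the upstream patch: a per-part handler that reports success on the "no user database, will accept" path without consuming the part it was handed, so the dispatch loop re-reads the same signature part forever, shown beside a handler that advances the cursor, with a zero-progress guard in the caller as defense in depth. The 2-byte type / 2-byte length big-endian part header, TYPE_HOST 0x0000, TYPE_SIGN_SHA256 0x0200 and the 32-byte HMAC at the front of a signature part follow the collectd binary protocol; the server_t struct, the function names, the return codes and the sample packet are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TYPE_HOST        0x0000   /* collectd part type: host name */
#define TYPE_SIGN_SHA256 0x0200   /* collectd part type: HMAC-SHA-256 signature */
#define PART_HEADER_LEN  4        /* 2-byte type + 2-byte length, big-endian */
#define SIGN_PART_MIN    (PART_HEADER_LEN + 32)  /* header + 32-byte HMAC */

#define PARSE_MALFORMED (-1)
#define PARSE_STUCK     (-2)      /* constructed: handler made no progress */

/* Constructed server state: "SecurityLevel None" with no AuthFile loaded. */
typedef struct {
  int have_userdb;
} server_t;

typedef int (*sign_handler_t)(const server_t *, const uint8_t **, size_t *);

static uint16_t be16(const uint8_t *p) {
  return (uint16_t)(((uint16_t)p[0] << 8) | p[1]);
}

/* Vulnerable shape: with no user database the part is "accepted", but
 * *buf and *len are left untouched, so the caller sees the same part again. */
static int sign_part_vulnerable(const server_t *srv, const uint8_t **buf, size_t *len) {
  if (*len < SIGN_PART_MIN) return PARSE_MALFORMED;
  if (!srv->have_userdb) return 0;          /* bug: success without consuming */
  return PARSE_MALFORMED;                   /* verification path omitted here */
}

/* Fixed shape: consume the whole part before reporting success. */
static int sign_part_fixed(const server_t *srv, const uint8_t **buf, size_t *len) {
  if (*len < SIGN_PART_MIN) return PARSE_MALFORMED;
  size_t part_len = be16(*buf + 2);
  if (part_len < SIGN_PART_MIN || part_len > *len) return PARSE_MALFORMED;
  if (!srv->have_userdb) {
    *buf += part_len;                       /* skip the unverifiable part */
    *len -= part_len;
    return 0;
  }
  return PARSE_MALFORMED;                   /* verification path omitted here */
}

/* Dispatch loop. Returns the number of parts consumed, PARSE_MALFORMED on a
 * bad length, or PARSE_STUCK when a handler returned success without moving
 * the cursor: without that guard the loop never terminates. */
static int parse_packet(const server_t *srv, const uint8_t *buf, size_t len,
                        sign_handler_t sign) {
  int parts = 0;
  while (len > 0) {
    if (len < PART_HEADER_LEN) return PARSE_MALFORMED;
    uint16_t type = be16(buf);
    uint16_t part_len = be16(buf + 2);
    if (part_len < PART_HEADER_LEN || part_len > len) return PARSE_MALFORMED;

    const uint8_t *before = buf;
    size_t before_len = len;
    int rc = 0;
    if (type == TYPE_SIGN_SHA256) {
      rc = sign(srv, &buf, &len);
    } else {
      buf += part_len;                      /* every other part: skip by length */
      len -= part_len;
    }
    if (rc != 0) return rc;
    if (buf == before && len == before_len) return PARSE_STUCK;
    parts++;
  }
  return parts;
}

/* Constructed packet (not a real capture): a signature part with a zeroed
 * HMAC and no username, followed by a host part carrying "host\0". */
static const uint8_t sample_packet[] = {
  0x02, 0x00, 0x00, 0x24,                               /* type 0x0200, len 36 */
  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,       /* 32-byte HMAC */
  0x00, 0x00, 0x00, 0x09,                               /* type 0x0000, len 9 */
  'h', 'o', 's', 't', '\0'
};

int run_vulnerable(void) {
  server_t srv = { .have_userdb = 0 };
  return parse_packet(&srv, sample_packet, sizeof sample_packet, sign_part_vulnerable);
}

int run_fixed(void) {
  server_t srv = { .have_userdb = 0 };
  return parse_packet(&srv, sample_packet, sizeof sample_packet, sign_part_fixed);
}

/* Same packet truncated inside the signature part: declared length exceeds
 * the bytes available, so both handlers must reject it rather than read past. */
int run_truncated(void) {
  server_t srv = { .have_userdb = 0 };
  return parse_packet(&srv, sample_packet, 10, sign_part_fixed);
}

int main(void) {
  printf("vulnerable handler: %d (PARSE_STUCK would have spun forever)\n", run_vulnerable());
  printf("fixed handler: %d parts\n", run_fixed());
  printf("truncated packet: %d\n", run_truncated());
  return 0;
}
```

Build with `cc -std=c99 -Wall -Wextra` and run. The real fix belongs in the handler (advance the cursor on every success path); the `PARSE_STUCK` check in the loop is a cheap second line of defense against any future handler that forgets, and it costs nothing on the hot path. A single UDP datagram is enough to hit the vulnerable path because with "SecurityLevel None" nothing authenticates the sender.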
Comment 1 Andrej Nemec 2017-04-06 08:00:36 EDT
Created collectd tracking bugs for this issue:

Affects: epel-6 [bug 1439687]
Affects: epel-7 [bug 1439686]
Affects: fedora-all [bug 1439688]


Created puppet-collectd tracking bugs for this issue:

Affects: openstack-rdo [bug 1439689]
Comment 3 Matthias Runge 2017-04-27 08:07:29 EDT
Can we please get a tracking bug for collectd in OSP optools? I've already built it on CentOS Opstools SIG:

https://github.com/centos-opstools/collectd/commit/cfb313abc992b3139fbc740c38311b3fde1d5707
and http://cbs.centos.org/koji/buildinfo?buildID=17012
Comment 4 Sandro Bonazzola 2017-04-28 02:32:31 EDT
Bronce, https://mojo.redhat.com/docs/DOC-1100973 is not complete, missing the Build Strategy. https://errata.devel.redhat.com/advisory/25569 is not marked as a multi-product errata, so we need a tracking bug for RHV 4.1 as well.
Comment 5 Sandro Bonazzola 2017-04-28 09:10:31 EDT
Here's the errata for collectd to be shipped in 4.1.z: https://errata.devel.redhat.com/advisory/28330
Build:
collectd-5.7.1-3.el7 ready on Tag: rhlog-1.0-rhel-7-candidate
It also required:
riemann-c-client-1.6.1-4.el7 ready on Tag: rhlog-1.0-rhel-7-candidate
Comment 7 errata-xmlrpc 2017-05-24 07:25:49 EDT
This issue has been addressed in the following products:

  RHEV Engine version 4.1
  RHEV 4.X RHEV-H and Agents for RHEL-7

Via RHSA-2017:1285 https://access.redhat.com/errata/RHSA-2017:1285
Comment 12 errata-xmlrpc 2017-07-19 18:43:11 EDT
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 11.0 Operational Tools for RHEL 7

Via RHSA-2017:1787 https://access.redhat.com/errata/RHSA-2017:1787
Comment 16 errata-xmlrpc 2018-09-04 02:38:34 EDT
This issue has been addressed in the following products:

  Red Hat Gluster Storage 3.4 for RHEL 7

Via RHSA-2018:2615 https://access.redhat.com/errata/RHSA-2018:2615