#VU6706 Infinite loop in collectd - CVE-2017-7401

Cybersecurity Help s.r.o.

Published: 2017-05-24

Vulnerability identifier: #VU6706

Vulnerability risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-7401

CWE-ID: CWE-399

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
collectd
Server applications / DLP, anti-spam, sniffers

Vendor: collectd

Description
The vulnerability allows a remote attacker to cause denial of service (DoS) conditions.

The vulnerability exists due to improper input validation when processing UDP requests within the parse_packet() and parse_part_sign_sha256() functions in network.c.A remote attacker can send specially crafted UDP packets to vulnerable instance of collectd and trigger infinite loop.

Successful exploitation of the vulnerability may allow an attacker to cause denial of service (DoS) conditions, but requires that collectd is configured with "SecurityLevel None" and with empty "AuthFile" options.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

collectd: 5.7.0 - 5.7.1

External links
https://github.com/collectd/collectd/issues/2174

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Red Hat update for collectd

Infinite loop in collectd (Alpine package)

Red Hat update for collectd

Amazon Linux AMI update for collectd

Remote DoS in collectd