Package: collectd
Version: 4.4.2-3
Severity: important
Tags: patch, security, upstream, fixed-upstream

When creating a new RRD file, the RRDtool and RRDCacheD plugins assert(3) that the timestamp included with a value is greater than 10 (i.e. after January 1st, 1970, 00:00:10 UTC). However, this condition is not actually checked anywhere, making it possible for this assertion to fail.

In the common scenario that data is received via the Network plugin and written to disk via the RRDtool or RRDCacheD plugin, it is easily possible to trigger this problem by sending a specifically crafted Network packet. If the Network plugin is configured with the "Sign" or "Encrypt" "security levels", an attacker needs to know the pre-shared key to trigger the problem.

Other plugins, for example the UnixSock and Exec plugins, can be used to trigger the problem as well. However, access to these mechanisms is usually not available to the general public.

The existence of this problem has only been verified in version 4.10.1-1+squeeze1~bpo50+1 of the package, but the offending code first appeared in version 4.0.8 of collectd (commit 9d52ed5f). It is therefore safe to assume that all versions since 4.0.8 are vulnerable, including version 4.4.2-3 included in Debian Lenny.

The issue has been fixed upstream in commit 11893a7c. The fix is included in the new upstream versions 4.9.4 and 4.10.2. Porting the fix back to 4.10.1-1+squeeze1 should be trivial.

Regards,
—octo

[0] <http://git.verplant.org/?p=collectd.git;a=commitdiff;h=11893a7c85389e6d8a07d1ee8473294767c7ccb9>

--
Florian octo Forster
Hacker in training
GnuPG: 0x0C705A15
http://octo.it/
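The class of defect described in the report, shown as an added example that is neither collectd's code nor the upstream fix: a precondition on sender-supplied data that is only asserted, beside the same precondition enforced as a runtime check. The type `sample_t`, both function names, the constructed sample values and the derivation of a start time ten seconds before the first sample are assumptions made for illustration.

```c
#include <assert.h>
#include <errno.h>
#include <stdio.h>
#include <time.h>

/* Hypothetical stand-in for a value received from an untrusted source
 * (for example, decoded from a network packet). Not collectd's own type. */
typedef struct {
  time_t time;  /* timestamp supplied by the sender */
  double value;
} sample_t;

/* "Before": the precondition is only asserted. With assertions enabled, a
 * timestamp <= 10 aborts the whole process; built with -DNDEBUG the check
 * disappears and a zero or negative start time is passed on instead. */
int rrd_start_asserted(const sample_t *s, time_t *start) {
  assert(s->time > 10);
  *start = s->time - 10;  /* assumed derivation, for illustration */
  return 0;
}

/* "After": the same precondition as a runtime check. The sample is
 * rejected with an error code so the caller can log and drop it. */
int rrd_start_checked(const sample_t *s, time_t *start) {
  if (s == NULL || start == NULL)
    return EINVAL;
  if (s->time <= 10)
    return ERANGE;  /* out-of-range timestamp: refuse, do not abort */
  *start = s->time - 10;
  return 0;
}

int main(void) {
  /* Constructed samples: one plausible, two with out-of-range timestamps. */
  const sample_t samples[] = {{1291161600, 0.5}, {10, 0.5}, {0, 0.5}};
  for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
    time_t start = 0;
    int rc = rrd_start_checked(&samples[i], &start);
    if (rc != 0)
      printf("sample %zu rejected (rc=%d)\n", i, rc);
    else
      printf("sample %zu accepted, start=%lld\n", i, (long long)start);
  }
  return 0;
}
```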