The cu_rrd_create_file function (src/utils_rrdcreate.c) in collectd 4.x before 4.9.4 and before 4.10.2 allows remote attackers to cause a denial of service (assertion failure) via a packet with a timestamp whose value is 10 or less, as demonstrated by creating RRD files using the (1) RRDtool and (2) RRDCacheD plugins.
Weaknesses in this category are related to improper management of system resources.
Link | Tags |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html | vendor advisory |
http://secunia.com/advisories/42491 | third party advisory, vendor advisory |
http://www.debian.org/security/2010/dsa-2133 | vendor advisory |
http://secunia.com/advisories/42846 | third party advisory |
http://www.vupen.com/english/advisories/2011/0041 | vdb entry |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605092 | |
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052875.html | vendor advisory |
http://www.vupen.com/english/advisories/2010/3196 | vdb entry, vendor advisory |
http://collectd.org/news.shtml#news86 | |
http://www.securityfocus.com/bid/45075 | vdb entry |
http://secunia.com/advisories/42393 | third party advisory, vendor advisory |