DebianDEBIAN:DLA-575-1:A1276[SECURITY] [DLA 575-1] collectd security update
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
9.6 High
AI Score
Confidence
High
0.054 Low
EPSS
Percentile
93.2%
Package : collectd
Version : 5.1.0-3+deb7u1
CVE ID : CVE-2016-6254
Debian Bug : 832507 832577
Emilien Gaspar discovered that collectd, a statistics collection and
monitoring daemon, incorrectly processed incoming network
packets. This resulted in a heap overflow, allowing a remote attacker
to either cause a DoS via application crash, or potentially execute
arbitrary code.
Additionally, security researchers at Columbia University and the
University of Virginia discovered that collectd failed to verify a
return value during initialization. This meant the daemon could
sometimes be started without the desired, secure settings.
For Debian 7 "Wheezy", these problems have been fixed in version
5.1.0-3+deb7u1.
We recommend that you upgrade your collectd packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 7 | armhf | collectd-dbg | < 5.1.0-3+deb7u1 | collectd-dbg_5.1.0-3+deb7u1_armhf.deb |
| Debian | 7 | armel | collectd-utils | < 5.1.0-3+deb7u1 | collectd-utils_5.1.0-3+deb7u1_armel.deb |
| Debian | 8 | arm64 | collectd-utils | < 5.4.1-6+deb8u1 | collectd-utils_5.4.1-6+deb8u1_arm64.deb |
| Debian | 8 | mips | libcollectdclient-dev | < 5.4.1-6+deb8u1 | libcollectdclient-dev_5.4.1-6+deb8u1_mips.deb |
| Debian | 8 | mipsel | collectd | < 5.4.1-6+deb8u1 | collectd_5.4.1-6+deb8u1_mipsel.deb |
| Debian | 7 | amd64 | collectd-core | < 5.1.0-3+deb7u1 | collectd-core_5.1.0-3+deb7u1_amd64.deb |
| Debian | 7 | amd64 | collectd-dbg | < 5.1.0-3+deb7u1 | collectd-dbg_5.1.0-3+deb7u1_amd64.deb |
| Debian | 8 | kfreebsd-i386 | libcollectdclient1 | < 5.4.1-6+deb8u1 | libcollectdclient1_5.4.1-6+deb8u1_kfreebsd-i386.deb |
| Debian | 8 | kfreebsd-amd64 | collectd-core | < 5.4.1-6+deb8u1 | collectd-core_5.4.1-6+deb8u1_kfreebsd-amd64.deb |
| Debian | 8 | amd64 | collectd-dbg | < 5.4.1-6+deb8u1 | collectd-dbg_5.4.1-6+deb8u1_amd64.deb |
Related
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
9.6 High
AI Score
Confidence
High
0.054 Low
EPSS
Percentile
93.2%