
Gentoo: GLSA-201803-10 High: collectd Privilege Escalation Risk

March 22, 2018
Gentoo's collectd has several critical vulnerabilities that could lead to privilege escalation and denial of service.

Summary

Multiple vulnerabilities have been found in Gentoo's collectd package. Please review the referenced CVE identifiers and bug entries for details.

Resolution

All collectd users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-admin/collectd-5.7.2-r1"

References

[ 1 ] CVE-2017-16820
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-16820
[ 2 ] CVE-2017-18240
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18240

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201803-10

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: High
Title: collectd: Multiple vulnerabilities
Date: March 22, 2018
Bugs: #628540, #637538
ID: 201803-10

Synopsis

Gentoo's collectd package contains multiple vulnerabilities, the worst of which may allow local attackers to escalate privileges.

Background

collectd is a daemon which collects system and application performance metrics periodically and provides mechanisms to store the values in a variety of ways, for example in RRD files.


Affected Packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-admin/collectd        < 5.7.2-r1               >= 5.7.2-r1

Impact

A local attacker, who either is already collectd's system user or belongs to collectd's group, could potentially gain root privileges and cause a Denial of Service condition. Remote attackers could cause a Denial of Service condition via specially crafted SNMP responses.

Workaround

There is no known workaround at this time.
