Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2010-4336 | First vendor Publication | 2010-12-17 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The cu_rrd_create_file function (src/utils_rrdcreate.c) in collectd 4.x before 4.9.4 and before 4.10.2 allow remote attackers to cause a denial of service (assertion failure) via a packet with a timestamp whose value is 10 or less, as demonstrated by creating RRD files using the (1) RRDtool and (2) RRDCacheD plugins. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4336 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:12677 | |||
| Oval ID: | oval:org.mitre.oval:def:12677 | ||
| Title: | DSA-2133-1 collectd -- denial of service | ||
| Description: | It was discovered that collectd, a statistics collection and monitoring daemon, is prone to a denial of service attach via a crafted network packet. For the stable distribution, this problem has been fixed in version 4.4.2-3+lenny1. For the testing distribution, this problem has been fixed in version 4.10.1-1+squeeze2. For the unstable distribution, this problem has been fixed in version 4.10.1-2.1. This advisory only contains the packages for the alpha, amd64, arm, armel, hppa, i386, ia64, mips, powerpc, s390 and sparc architectures. The packages for the mipsel architecture will be released soon. We recommend that you upgrade your collectd packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2133-1 CVE-2010-4336 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | collectd |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2011-01-11 | Name : Fedora Update for collectd FEDORA-2010-19031 File : nvt/gb_fedora_2010_19031_collectd_fc14.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 69507 | collectd src/utils_rrdcreate.c cu_rrd_create_file() Function Remote DoS collectd contains a flaw that may allow a remote denial of service. The issue is triggered when an assertion error within the "cu_rrd_create_file()" function in src/utils_rrdcreate.c is exploited to trigger an assertion. This will result in loss of availability. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2011-01-07 | Name : The remote Fedora host is missing a security update. File : fedora_2010-19031.nasl - Type : ACT_GATHER_INFO |
| 2010-12-15 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2133.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:06:40 |
|
| 2024-11-28 12:23:38 |
|
| 2021-05-04 12:12:33 |
|
| 2021-04-22 01:13:28 |
|
| 2020-05-23 00:26:57 |
|
| 2016-04-26 20:15:03 |
|
| 2014-02-21 13:21:31 |
|
| 2014-02-17 10:58:42 |
|
| 2013-05-10 23:37:26 |
|
