DSA-3636-1 collectd -- collectd
ID: oval:org.secpod.oval:def:602575 | Date: (C)2016-08-09 (M)2023-12-20 | Class: PATCH | Family: unix
Emilien Gaspar discovered that collectd, a statistics collection and monitoring daemon, incorrectly processed incoming network packets. This resulted in a heap overflow, allowing a remote attacker to either cause a DoS via application crash, or potentially execute arbitrary code. Additionally, security researchers at Columbia University and the University of Virginia discovered that collectd failed to verify a return value during initialization. This meant the daemon could sometimes be started without the desired, secure settings.