Computer Security


Heartbeat cluster software multiple DoS conditions
updated since 28.07.2006
Published: 31.07.2007
Source:
SecurityVulns ID: 6421
Type: remote
Threat Level: 5/10
Description: Weak permissions on the shared memory segment created by a shmget call. Remote DoS in the parsing of heartbeat network messages.
Affected: HEARTBEAT : Heartbeat 1.2
 HEARTBEAT : Heartbeat 2.0
 BLUECATNETWORKS : Adonis 5.0
CVE: CVE-2006-3815 (heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup.)
 CVE-2006-3121 (The peel_netstring function in cl_netstring.c in the heartbeat subsystem in High-Availability Linux before 1.2.5, and 2.0 before 2.0.7, allows remote attackers to cause a denial of service (crash) via the length parameter in a heartbeat message.)
Original documents: anonymous.c7ffa4057a_(at)_anonymousspeech.com, TS-2007-001-0: BlueCat Networks Adonis Linux-HA heartbeat DoS Vulnerability (31.07.2007)
 Nash Leon, [Full-disclosure] Heartbeat Shared Memory - Local Denial of Service Exploit (28.07.2006)
Files: Exploits Heartbeat < 2.0.6 Insecure Shared Memory - Local Denial of Service

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod