Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3121

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-3121
Last Modified 20 Jun 2011 12:00:00
Published 16 Aug 2006 09:04:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3121

Summary

The peel_netstring function in cl_netstring.c in the heartbeat subsystem in High-Availability Linux before 1.2.5, and 2.0 before 2.0.7, allows remote attackers to cause a denial of service (crash) via the length parameter in a heartbeat message.

Vulnerable Systems

Application

  • High Availability Linux Project Heartbeat 1.2.3

  • High Availability Linux Project Heartbeat 1.2.4

  • High Availability Linux Project Heartbeat 2.0.1

  • High Availability Linux Project Heartbeat 2.0.2

  • High Availability Linux Project Heartbeat 2.0.3

  • High Availability Linux Project Heartbeat 2.0.4

  • High Availability Linux Project Heartbeat 2.0.5

  • High Availability Linux Project Heartbeat 2.0.6


References

BID - 19516

CONFIRM - http://www.linux-ha.org/SecurityIssues

DEBIAN - DSA-1151

XF - heartbeat-packet-dos(28396)

VUPEN - ADV-2006-3288

UBUNTU - USN-335-1

MANDRIVA - MDKSA-2006:142

CONFIRM - http://www.linux-ha.org/_cache/SecurityIssues__sec03.txt

GENTOO - GLSA-200608-23

SECUNIA - 21629

SECUNIA - 21521

SECUNIA - 21518

SECUNIA - 21511

SECUNIA - 21505


Last Updated: 27 May 2016 10:42:54