CVE-2002-1215 - Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier (claimed as buffer overflows i

CVE-2002-1215

Summary

Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier (claimed as buffer overflows in some sources) allow remote attackers to execute arbitrary code via certain packets to UDP port 694 (incorrectly claimed as TCP in some sources).

References

Vulnerable Configurations

cpe:2.3:a:linux-ha:heartbeat:-:*:*:*:*:*:*:*
cpe:2.3:a:linux-ha:heartbeat:-:*:*:*:*:*:*:*
cpe:2.3:a:linux-ha:heartbeat:0.4.9:*:*:*:*:*:*:*
cpe:2.3:a:linux-ha:heartbeat:0.4.9:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 10-09-2008 - 19:14)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	5955
conectiva	CLA-2002:540
confirm	http://linux-ha.org/security/sec01.txt
debian	DSA-174
suse	SuSE-SA:2002:037
xf	linuxha-heartbeat-bo(10357)

Last major update

10-09-2008 - 19:14

Published

28-10-2002 - 05:00

Last modified

10-09-2008 - 19:14