ID CVE-2006-3121
Summary The peel_netstring function in cl_netstring.c in the heartbeat subsystem in High-Availability Linux before 1.2.5, and 2.0 before 2.0.7, allows remote attackers to cause a denial of service (crash) via the length parameter in a heartbeat message.
References
Vulnerable Configurations
  • cpe:2.3:a:high_availability_linux_project:heartbeat:1.2.3
  • cpe:2.3:a:high_availability_linux_project:heartbeat:1.2.4
  • cpe:2.3:a:high_availability_linux_project:heartbeat:2.0.1
  • cpe:2.3:a:high_availability_linux_project:heartbeat:2.0.2
  • cpe:2.3:a:high_availability_linux_project:heartbeat:2.0.3
  • cpe:2.3:a:high_availability_linux_project:heartbeat:2.0.4
  • cpe:2.3:a:high_availability_linux_project:heartbeat:2.0.5
  • cpe:2.3:a:high_availability_linux_project:heartbeat:2.0.6
CVSS
Base: 5.0 (as of 17-08-2006 - 11:32)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
exploit-db via4
description Linux-HA Heartbeat 2.0.6 Remote Denial of Service Vulnerability. CVE-2006-3121. DoS exploit for Linux platform
id EDB-ID:28386
last seen 2016-02-03
modified 2006-08-13
published 2006-08-13
reporter Yan Rong Ge
source https://www.exploit-db.com/download/28386/
title Linux-HA Heartbeat <= 2.0.6 - Remote Denial of Service Vulnerability
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-335-1.NASL
    description Yan Rong Ge discovered that heartbeat did not sufficiently verify some packet input data, which could lead to an out-of-boundary memory access. A remote attacker could exploit this to crash the daemon (Denial of Service). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 27914
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27914
    title Ubuntu 5.04 / 5.10 / 6.06 LTS : heartbeat vulnerability (USN-335-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_HEARTBEAT-2139.NASL
    description This update fixes both a local and a remote denial of service attack within heartbeat, as well as numerous other bugs in the messaging and membership layer, GUI, Cluster Resource Manager, Local Resource Manager and Resource Agents. (CVE-2006-3815,CVE-2006-3121)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27263
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27263
    title openSUSE 10 Security Update : heartbeat (heartbeat-2139)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200608-23.NASL
    description The remote host is affected by the vulnerability described in GLSA-200608-23 (Heartbeat: Denial of Service) Yan Rong Ge discovered that the peel_netstring() function in cl_netstring.c does not validate the 'length' parameter of user input, which can lead to an out-of-bounds memory access when processing certain Heartbeat messages (CVE-2006-3121). Furthermore an unspecified local DoS issue was fixed (CVE-2006-3815). Impact : By sending a malicious UDP Heartbeat message, even before authentication, a remote attacker can crash the master control process of the cluster. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 22285
    published 2006-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22285
    title GLSA-200608-23 : Heartbeat: Denial of Service
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1151.NASL
    description Yan Rong Ge discovered out-of-boundary memory access in heartbeat, the subsystem for High-Availability Linux. This could be used by a remote attacker to cause a denial of service.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 22693
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22693
    title Debian DSA-1151-1 : heartbeat - out-of-bounds read
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-142.NASL
    description Two vulnerabilities in heartbeat prior to 2.0.6 were discovered by Yan Rong Ge. The first is that heartbeat would set insecure permissions in an shmget call for shared memory, allowing a local attacker to cause an unspecified denial of service via unknown vectors (CVE-2006-3815). The second is a remote vulnerability that could allow the master control process to read invalid memory due to a specially crafted heartbeat message and die of a SEGV, all prior to any authentication (CVE-2006-3121). Updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 23891
    published 2006-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23891
    title Mandrake Linux Security Advisory : heartbeat (MDKSA-2006:142)
refmap via4
bid 19516
confirm
debian DSA-1151
gentoo GLSA-200608-23
mandriva MDKSA-2006:142
secunia
  • 21505
  • 21511
  • 21518
  • 21521
  • 21629
ubuntu USN-335-1
vupen ADV-2006-3288
xf heartbeat-packet-dos(28396)
Last major update 20-06-2011 - 00:00
Published 16-08-2006 - 21:04
Last modified 19-07-2017 - 21:32