| Vulnerability Name: | CVE-2006-3121 (CCN-28396) | ||||||||||||
| Assigned: | 2006-08-13 | ||||||||||||
| Published: | 2006-08-13 | ||||||||||||
| Updated: | 2017-07-20 | ||||||||||||
| Summary: | The peel_netstring function in cl_netstring.c in the heartbeat subsystem in High-Availability Linux before 1.2.5, and 2.0 before 2.0.7, allows remote attackers to cause a denial of service (crash) via the length parameter in a heartbeat message. | ||||||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
| ||||||||||||
| Vulnerability Type: | CWE-399 | ||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Sun Jul 29 2007 - 13:32:52 CDT TS-2007-001-0: BlueCat Networks Adonis Linux-HA heartbeat DoS Vulnerability Source: MITRE Type: CNA CVE-2006-3121 Source: SECUNIA Type: Vendor Advisory 21505 Source: CCN Type: SA21511 Heartbeat Denial of Service Vulnerability Source: SECUNIA Type: Vendor Advisory 21511 Source: SECUNIA Type: Vendor Advisory 21518 Source: SECUNIA Type: Vendor Advisory 21521 Source: SECUNIA Type: Vendor Advisory 21629 Source: GENTOO Type: UNKNOWN GLSA-200608-23 Source: CCN Type: BlueCat Networks Web site Adonis Family of DNS/DHCP Management Appliances Source: DEBIAN Type: Patch DSA-1151 Source: DEBIAN Type: DSA-1151 heartbeat -- out-of-bounds read Source: CCN Type: GLSA-200608-23 Heartbeat: Denial of Service Source: CCN Type: Linux-HA Web site Linux-HA / OpenHA Project Download Area Source: CONFIRM Type: Patch http://www.linux-ha.org/SecurityIssues Source: CCN Type: High Availability Linux Project Web site, 08/13/2006 Local and remote denial of service vulnerability in heartbeat, SecurityIssues__sec03 Source: CCN Type: Linux HA Web site SecurityIssues__sec03 Source: CONFIRM Type: UNKNOWN http://www.linux-ha.org/_cache/SecurityIssues__sec03.txt Source: MANDRIVA Type: UNKNOWN MDKSA-2006:142 Source: CCN Type: OSVDB ID: 27955 Heartbeat Unspecified Remote DoS Source: CCN Type: OSVDB ID: 39396 BlueCat Networks Adonis XHA (Linux-HA) Heartbeat UDP DoS Source: BID Type: Patch 19516 Source: CCN Type: BID-19516 Linux-HA Heartbeat Remote Denial of Service Vulnerability Source: CCN Type: USN-335-1 heartbeat vulnerability Source: UBUNTU Type: UNKNOWN USN-335-1 Source: VUPEN Type: Vendor Advisory ADV-2006-3288 Source: XF Type: UNKNOWN heartbeat-peelnetstring-dos(28396) Source: XF Type: UNKNOWN heartbeat-packet-dos(28396) | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||