The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Linux-HA Heartbeat

computer vulnerability CVE-2006-3121

Linux-HA: denial of service of heartbeat

Synthesis of the vulnerability

A remote attacker can send a malicious message in order to generate a denial of service on heartbeat.
Impacted products: Debian, Linux-HA Heartbeat, Mandriva Linux.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 16/08/2006.
Identifiers: BID-19516, CERTA-2006-AVI-336, CERTA-2006-AVI-360, CVE-2006-3121, DSA-1151-1, MDKSA-2006:142, VIGILANCE-VUL-6085.

Description of the vulnerability

The Heartbeat environment ensures high availability on Linux.

A remote attacker can send a malicious message in order to force heartbeat to read a memory area past the end of buffer.

This vulnerability, which occurs before authentication, generates a denial of service on heartbeat.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2006-3815

Linux-HA: denial of service of heartbeat

Synthesis of the vulnerability

A local attacker can access to a shared memory area in order to generate a denial of service on heartbeat.
Impacted products: Debian, Linux-HA Heartbeat, Mandriva Linux.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: user shell.
Creation date: 28/07/2006.
Revision date: 28/07/2006.
Identifiers: BID-19186, CVE-2006-3815, DSA-1128-1, MDKSA-2006:142, VIGILANCE-VUL-6045.

Description of the vulnerability

Communications between processes (ipc) are based on:
 - shared memory segments (shm)
 - message queues (msg)
 - semaphores (sem)

The shmget() function obtains a shared memory segment, and has the following prototype:
  int shmget(key_t key, int size, int shmflg);
The shmflags parameter contains the mode in its 9 least significant bits.

However, heartbeat uses shmget() with a mode of 0666. A local attacker can thus access to segment. This vulnerability leads to a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2005-2231

Heartbeat : corruption de fichier

Synthesis of the vulnerability

Un attaquant local peut altérer un fichier lors de l'exécution de Heartbeat.
Impacted products: Debian, Linux-HA Heartbeat.
Severity: 1/4.
Consequences: data creation/edition.
Provenance: user shell.
Creation date: 19/07/2005.
Identifiers: 773-1, BID-14233, CVE-2005-2231, DSA-761, DSA-761-1, DSA-773-1, MDKSA-2005:132, V6-LINUXHEARBEATSYMLINK, VIGILANCE-VUL-5077.

Description of the vulnerability

L'environnement Heartbeat permet d'assurer la haute disponibilité sur un système Linux.

Lors de son fonctionnement, les programmes cts/CTStests.py et heartbeat/lib/BasicSanityCheck créent des fichiers temporaires sous /tmp de manière non sûre.

Un attaquant local peut donc utiliser une attaque par substitution de lien symbolique pour modifier un fichier du système.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.