CVE-2006-3121
Gravedad CVSS v2.0:
MEDIA
Tipo:
CWE-399
Error en la gestión de recursos
Fecha de publicación:
17/08/2006
Última modificación:
03/04/2025
Descripción
La función peel_netstring en cl_netstring.c en el subsistema de pulso (heartbeat) en High_Availability Linux aneriora 1.2.5, y 2.0 anterior a 2.0.7, permite a atacantes remotos provocar una denegación de servicio (caída) a través del parámetro length en un mensaje de latido.
Impacto
Puntuación base 2.0
5.00
Gravedad 2.0
MEDIA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:high_availability_linux_project:heartbeat:1.2.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:high_availability_linux_project:heartbeat:1.2.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:high_availability_linux_project:heartbeat:2.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:high_availability_linux_project:heartbeat:2.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:high_availability_linux_project:heartbeat:2.0.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:high_availability_linux_project:heartbeat:2.0.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:high_availability_linux_project:heartbeat:2.0.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:high_availability_linux_project:heartbeat:2.0.6:*:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- http://secunia.com/advisories/21505
- http://secunia.com/advisories/21511
- http://secunia.com/advisories/21518
- http://secunia.com/advisories/21521
- http://secunia.com/advisories/21629
- http://security.gentoo.org/glsa/glsa-200608-23.xml
- http://www.debian.org/security/2006/dsa-1151
- http://www.linux-ha.org/SecurityIssues
- http://www.linux-ha.org/_cache/SecurityIssues__sec03.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2006%3A142
- http://www.securityfocus.com/bid/19516
- http://www.ubuntu.com/usn/usn-335-1
- http://www.vupen.com/english/advisories/2006/3288
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28396
- http://secunia.com/advisories/21505
- http://secunia.com/advisories/21511
- http://secunia.com/advisories/21518
- http://secunia.com/advisories/21521
- http://secunia.com/advisories/21629
- http://security.gentoo.org/glsa/glsa-200608-23.xml
- http://www.debian.org/security/2006/dsa-1151
- http://www.linux-ha.org/SecurityIssues
- http://www.linux-ha.org/_cache/SecurityIssues__sec03.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2006%3A142
- http://www.securityfocus.com/bid/19516
- http://www.ubuntu.com/usn/usn-335-1
- http://www.vupen.com/english/advisories/2006/3288
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28396