CVE-2006-3815

Published: 25/07/2006 Updated: 17/10/2011
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 215
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

heartbeat.c in heartbeat prior to 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup.

Vulnerable Product

linux-ha heartbeat

Vendor Advisories

Debian Bug report logs - #379904 heartbeat: Local DoS due to world-writable shared memory [CVE-2006-3815]. Package: heartbeat; Maintainer for heartbeat is Debian HA Maintainers <debian-ha-maintainers@lists.alioth.debian.org>; Source for heartbeat is src:heartbeat (PTS, buildd, popcon). Reported by: Martin Pitt <martinpitt@ ...
Yan Rong Ge discovered that heartbeat did not set proper permissions for an allocated shared memory segment. A local attacker could exploit this to render the heartbeat service unavailable (Denial of Service) ...
Yan Rong Ge discovered that wrong permissions on a shared memory page in heartbeat, the subsystem for High-Availability Linux, could be exploited by a local attacker to cause a denial of service. For the stable distribution (sarge) this problem has been fixed in version 1.2.3-9sarge5. For the unstable distribution (sid) this problem will be fixed so ...

Exploits

source: www.securityfocus.com/bid/19186/info. Since Linux-HA Heartbeat has insecure default permissions set on shared memory, local attackers may be able to cause a denial of service. Exploitation would most likely result in a system crash, loss of data, and resource exhaustion, leading to a denial of service if critical files are accessed ...