Vulnerability Description
The peel_netstring function in cl_netstring.c in the heartbeat subsystem in High-Availability Linux before 1.2.5, and 2.0 before 2.0.7, allows remote attackers to cause a denial of service (crash) via the length parameter in a heartbeat message.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| High Availability Linux Project | Heartbeat | 1.2.3 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/21505 (Vendor Advisory)
- http://secunia.com/advisories/21511 (Vendor Advisory)
- http://secunia.com/advisories/21518 (Vendor Advisory)
- http://secunia.com/advisories/21521 (Vendor Advisory)
- http://secunia.com/advisories/21629 (Vendor Advisory)
- http://security.gentoo.org/glsa/glsa-200608-23.xml
- http://www.debian.org/security/2006/dsa-1151 (Patch)
- http://www.linux-ha.org/SecurityIssues (Patch)
- http://www.linux-ha.org/_cache/SecurityIssues__sec03.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:142
- http://www.securityfocus.com/bid/19516 (Patch)
- http://www.ubuntu.com/usn/usn-335-1
- http://www.vupen.com/english/advisories/2006/3288 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28396
FAQ
What is CVE-2006-3121?
CVE-2006-3121 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The peel_netstring function in cl_netstring.c in the heartbeat subsystem in High-Availability Linux before 1.2.5, and 2.0 before 2.0.7, allows remote attackers to cause a denial of service (crash) via...
How severe is CVE-2006-3121?
CVE-2006-3121 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-3121?
Check the references section above for vendor advisories and patch information. Affected products include: High Availability Linux Project Heartbeat.