Search criteria
5 vulnerabilities by linux-ha
CVE-2015-1198 (GCVE-0-2015-1198)
Vulnerability from cvelistv5 – Published: 2017-08-28 15:00 – Updated: 2024-08-06 04:33
VLAI
Summary
Multiple directory traversal vulnerabilities in ha 0.999p+dfsg-5.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2015/01/18/8 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/72103 | vdb-entryx_refsource_BID |
Date Public
2015-01-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.731Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20150118 Re: CVE Request: ha -- directory traversals",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/18/8"
},
{
"name": "72103",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72103"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in ha 0.999p+dfsg-5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20150118 Re: CVE Request: ha -- directory traversals",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/18/8"
},
{
"name": "72103",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72103"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in ha 0.999p+dfsg-5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150118 Re: CVE Request: ha -- directory traversals",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/18/8"
},
{
"name": "72103",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72103"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1198",
"datePublished": "2017-08-28T15:00:00.000Z",
"dateReserved": "2015-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:33:20.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3389 (GCVE-0-2010-3389)
Vulnerability from cvelistv5 – Published: 2010-10-20 17:00 – Updated: 2024-08-07 03:11
VLAI
Summary
The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=639044 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2011/0416 | vdb-entryx_refsource_VUPEN |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598549 | x_refsource_CONFIRM |
| http://www.redhat.com/support/errata/RHSA-2011-02… | vendor-advisoryx_refsource_REDHAT |
| http://www.redhat.com/support/errata/RHSA-2011-10… | vendor-advisoryx_refsource_REDHAT |
| http://secunia.com/advisories/43372 | third-party-advisoryx_refsource_SECUNIA |
| http://www.redhat.com/support/errata/RHSA-2011-15… | vendor-advisoryx_refsource_REDHAT |
| http://security.gentoo.org/glsa/glsa-201110-18.xml | vendor-advisoryx_refsource_GENTOO |
Date Public
2010-09-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:11:43.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=639044"
},
{
"name": "ADV-2011-0416",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0416"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598549"
},
{
"name": "RHSA-2011:0264",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0264.html"
},
{
"name": "RHSA-2011:1000",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1000.html"
},
{
"name": "43372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43372"
},
{
"name": "RHSA-2011:1580",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1580.html"
},
{
"name": "GLSA-201110-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201110-18.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-02-23T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=639044"
},
{
"name": "ADV-2011-0416",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0416"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598549"
},
{
"name": "RHSA-2011:0264",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0264.html"
},
{
"name": "RHSA-2011:1000",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1000.html"
},
{
"name": "43372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43372"
},
{
"name": "RHSA-2011:1580",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1580.html"
},
{
"name": "GLSA-201110-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201110-18.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=639044",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=639044"
},
{
"name": "ADV-2011-0416",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0416"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598549",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598549"
},
{
"name": "RHSA-2011:0264",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0264.html"
},
{
"name": "RHSA-2011:1000",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1000.html"
},
{
"name": "43372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43372"
},
{
"name": "RHSA-2011:1580",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1580.html"
},
{
"name": "GLSA-201110-18",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201110-18.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3389",
"datePublished": "2010-10-20T17:00:00.000Z",
"dateReserved": "2010-09-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:11:43.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4205 (GCVE-0-2007-4205)
Vulnerability from cvelistv5 – Published: 2007-08-08 01:52 – Updated: 2024-08-07 14:46
VLAI
Summary
XHA (Linux-HA) on the BlueCat Networks Adonis DNS/DHCP Appliance 5.0.2.8 allows remote attackers to cause a denial of service (heartbeat control process crash) via a UDP packet to port 694. NOTE: this may be the same as CVE-2006-3121.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1018505 | vdb-entryx_refsource_SECTRACK |
| http://www.vupen.com/english/advisories/2007/2767 | vdb-entryx_refsource_VUPEN |
| http://osvdb.org/39396 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/26265 | third-party-advisoryx_refsource_SECUNIA |
| http://securityreason.com/securityalert/2978 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/475455/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/475065/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2007-07-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1018505",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018505"
},
{
"name": "ADV-2007-2767",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2767"
},
{
"name": "39396",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39396"
},
{
"name": "26265",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26265"
},
{
"name": "2978",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2978"
},
{
"name": "20070803 Re: TS-2007-001-0: BlueCat Networks Adonis Linux-HA heartbeat DoS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/475455/100/0/threaded"
},
{
"name": "20070729 TS-2007-001-0: BlueCat Networks Adonis Linux-HA heartbeat DoS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/475065/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "XHA (Linux-HA) on the BlueCat Networks Adonis DNS/DHCP Appliance 5.0.2.8 allows remote attackers to cause a denial of service (heartbeat control process crash) via a UDP packet to port 694. NOTE: this may be the same as CVE-2006-3121."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1018505",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018505"
},
{
"name": "ADV-2007-2767",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2767"
},
{
"name": "39396",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39396"
},
{
"name": "26265",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26265"
},
{
"name": "2978",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2978"
},
{
"name": "20070803 Re: TS-2007-001-0: BlueCat Networks Adonis Linux-HA heartbeat DoS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/475455/100/0/threaded"
},
{
"name": "20070729 TS-2007-001-0: BlueCat Networks Adonis Linux-HA heartbeat DoS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/475065/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XHA (Linux-HA) on the BlueCat Networks Adonis DNS/DHCP Appliance 5.0.2.8 allows remote attackers to cause a denial of service (heartbeat control process crash) via a UDP packet to port 694. NOTE: this may be the same as CVE-2006-3121."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1018505",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018505"
},
{
"name": "ADV-2007-2767",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2767"
},
{
"name": "39396",
"refsource": "OSVDB",
"url": "http://osvdb.org/39396"
},
{
"name": "26265",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26265"
},
{
"name": "2978",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2978"
},
{
"name": "20070803 Re: TS-2007-001-0: BlueCat Networks Adonis Linux-HA heartbeat DoS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/475455/100/0/threaded"
},
{
"name": "20070729 TS-2007-001-0: BlueCat Networks Adonis Linux-HA heartbeat DoS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/475065/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4205",
"datePublished": "2007-08-08T01:52:00.000Z",
"dateReserved": "2007-08-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:46:39.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3815 (GCVE-0-2006-3815)
Vulnerability from cvelistv5 – Published: 2006-07-24 22:00 – Updated: 2024-08-07 18:48
VLAI
Summary
heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
Date Public
2006-07-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21231"
},
{
"name": "ADV-2006-2994",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2994"
},
{
"name": "GLSA-200608-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200608-23.xml"
},
{
"name": "21629",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21629"
},
{
"name": "DSA-1128",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1128"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mail-archive.com/linux-ha-cvs%40lists.linux-ha.org/msg00753.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.linux-ha.org/_cache/SecurityIssues__sec03.txt"
},
{
"name": "MDKSA-2006:142",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:142"
},
{
"name": "1016602",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016602"
},
{
"name": "21162",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21162"
},
{
"name": "19186",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19186"
},
{
"name": "USN-326-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-326-1"
},
{
"name": "21240",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21240"
},
{
"name": "21521",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21521"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.linux-ha.org/viewcvs/viewcvs.cgi/linux-ha/heartbeat/heartbeat.c?r1=1.513\u0026r2=1.514"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-07-28T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21231"
},
{
"name": "ADV-2006-2994",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2994"
},
{
"name": "GLSA-200608-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200608-23.xml"
},
{
"name": "21629",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21629"
},
{
"name": "DSA-1128",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1128"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mail-archive.com/linux-ha-cvs%40lists.linux-ha.org/msg00753.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.linux-ha.org/_cache/SecurityIssues__sec03.txt"
},
{
"name": "MDKSA-2006:142",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:142"
},
{
"name": "1016602",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016602"
},
{
"name": "21162",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21162"
},
{
"name": "19186",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19186"
},
{
"name": "USN-326-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-326-1"
},
{
"name": "21240",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21240"
},
{
"name": "21521",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21521"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.linux-ha.org/viewcvs/viewcvs.cgi/linux-ha/heartbeat/heartbeat.c?r1=1.513\u0026r2=1.514"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21231",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21231"
},
{
"name": "ADV-2006-2994",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2994"
},
{
"name": "GLSA-200608-23",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200608-23.xml"
},
{
"name": "21629",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21629"
},
{
"name": "DSA-1128",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1128"
},
{
"name": "http://www.mail-archive.com/linux-ha-cvs%40lists.linux-ha.org/msg00753.html",
"refsource": "CONFIRM",
"url": "http://www.mail-archive.com/linux-ha-cvs%40lists.linux-ha.org/msg00753.html"
},
{
"name": "http://www.linux-ha.org/_cache/SecurityIssues__sec03.txt",
"refsource": "CONFIRM",
"url": "http://www.linux-ha.org/_cache/SecurityIssues__sec03.txt"
},
{
"name": "MDKSA-2006:142",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:142"
},
{
"name": "1016602",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016602"
},
{
"name": "21162",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21162"
},
{
"name": "19186",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19186"
},
{
"name": "USN-326-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-326-1"
},
{
"name": "21240",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21240"
},
{
"name": "21521",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21521"
},
{
"name": "http://cvs.linux-ha.org/viewcvs/viewcvs.cgi/linux-ha/heartbeat/heartbeat.c?r1=1.513\u0026r2=1.514",
"refsource": "CONFIRM",
"url": "http://cvs.linux-ha.org/viewcvs/viewcvs.cgi/linux-ha/heartbeat/heartbeat.c?r1=1.513\u0026r2=1.514"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3815",
"datePublished": "2006-07-24T22:00:00.000Z",
"dateReserved": "2006-07-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:48:39.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1215 (GCVE-0-2002-1215)
Vulnerability from cvelistv5 – Published: 2002-10-21 04:00 – Updated: 2024-08-08 03:19
VLAI
Summary
Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier (claimed as buffer overflows in some sources) allow remote attackers to execute arbitrary code via certain packets to UDP port 694 (incorrectly claimed as TCP in some sources).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://distro.conectiva.com.br/atualizacoes/?id=a… | vendor-advisoryx_refsource_CONECTIVA |
| http://www.novell.com/linux/security/advisories/2… | vendor-advisoryx_refsource_SUSE |
| http://www.debian.org/security/2002/dsa-174 | vendor-advisoryx_refsource_DEBIAN |
| http://www.iss.net/security_center/static/10357.php | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/5955 | vdb-entryx_refsource_BID |
| http://linux-ha.org/security/sec01.txt | x_refsource_CONFIRM |
Date Public
2002-10-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:19:28.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2002:540",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000540"
},
{
"name": "SuSE-SA:2002:037",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2002_037_heartbeat.html"
},
{
"name": "DSA-174",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-174"
},
{
"name": "linuxha-heartbeat-bo(10357)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10357.php"
},
{
"name": "5955",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5955"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linux-ha.org/security/sec01.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-10-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier (claimed as buffer overflows in some sources) allow remote attackers to execute arbitrary code via certain packets to UDP port 694 (incorrectly claimed as TCP in some sources)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-11-10T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2002:540",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000540"
},
{
"name": "SuSE-SA:2002:037",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2002_037_heartbeat.html"
},
{
"name": "DSA-174",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-174"
},
{
"name": "linuxha-heartbeat-bo(10357)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10357.php"
},
{
"name": "5955",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5955"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linux-ha.org/security/sec01.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier (claimed as buffer overflows in some sources) allow remote attackers to execute arbitrary code via certain packets to UDP port 694 (incorrectly claimed as TCP in some sources)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2002:540",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000540"
},
{
"name": "SuSE-SA:2002:037",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2002_037_heartbeat.html"
},
{
"name": "DSA-174",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-174"
},
{
"name": "linuxha-heartbeat-bo(10357)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10357.php"
},
{
"name": "5955",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5955"
},
{
"name": "http://linux-ha.org/security/sec01.txt",
"refsource": "CONFIRM",
"url": "http://linux-ha.org/security/sec01.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1215",
"datePublished": "2002-10-21T04:00:00.000Z",
"dateReserved": "2002-10-15T00:00:00.000Z",
"dateUpdated": "2024-08-08T03:19:28.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}