CVE-2006-3815
CVSS 2.1
Published: 2006-07-25 09:22:00
Revised: 2011-10-17 00:00:00

[Original] heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup.


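[CNNVD] Linux-HA Heartbeat 'heartbeat.c' Unspecified Denial of Service Vulnerability (CNNVD-200607-431)

        In heartbeat versions before 2.0.6, heartbeat.c sets insecure permissions in the shmget call for shared memory. A local user can cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup.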

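- CVSS (base score)

CVSS score: 2.1 [LOW]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: NONE [no impact on system integrity]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions for exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]

- CWE (weakness category)

CWE-264 [Permissions, Privileges, and Access Controls]

- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3815
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3815
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200607-431
(official data source) CNNVD

- Other links and resources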

http://www.mail-archive.com/linux-ha-cvs%40lists.linux-ha.org/msg00753.html
(PATCH)  CONFIRM  http://www.mail-archive.com/linux-ha-cvs%40lists.linux-ha.org/msg00753.html
http://cvs.linux-ha.org/viewcvs/viewcvs.cgi/linux-ha/heartbeat/heartbeat.c?r1=1.513&r2=1.514
(PATCH)  CONFIRM  http://cvs.linux-ha.org/viewcvs/viewcvs.cgi/linux-ha/heartbeat/heartbeat.c?r1=1.513&r2=1.514
http://www.vupen.com/english/advisories/2006/2994
(VENDOR_ADVISORY)  VUPEN  ADV-2006-2994
http://www.ubuntu.com/usn/usn-326-1
(UNKNOWN)  UBUNTU  USN-326-1
http://www.securityfocus.com/bid/19186
(UNKNOWN)  BID  19186
http://www.mandriva.com/security/advisories?name=MDKSA-2006:142
(UNKNOWN)  MANDRIVA  MDKSA-2006:142
http://www.linux-ha.org/_cache/SecurityIssues__sec03.txt
(UNKNOWN)  CONFIRM  http://www.linux-ha.org/_cache/SecurityIssues__sec03.txt
http://www.debian.org/security/2006/dsa-1128
(UNKNOWN)  DEBIAN  DSA-1128
http://securitytracker.com/id?1016602
(UNKNOWN)  SECTRACK  1016602
http://security.gentoo.org/glsa/glsa-200608-23.xml
(UNKNOWN)  GENTOO  GLSA-200608-23
http://secunia.com/advisories/21629
(VENDOR_ADVISORY)  SECUNIA  21629
http://secunia.com/advisories/21521
(VENDOR_ADVISORY)  SECUNIA  21521
http://secunia.com/advisories/21240
(VENDOR_ADVISORY)  SECUNIA  21240
http://secunia.com/advisories/21231
(VENDOR_ADVISORY)  SECUNIA  21231
http://secunia.com/advisories/21162
(VENDOR_ADVISORY)  SECUNIA  21162

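- Vulnerability information

Linux-HA Heartbeat 'heartbeat.c' Unspecified Denial of Service Vulnerability
Low risk  Permissions and access control
2006-07-25 00:00:00 2006-07-28 00:00:00
Local
        In heartbeat versions before 2.0.6, heartbeat.c sets insecure permissions in the shmget call for shared memory. A local user can cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup.

- Advisories and patches

        The vendor has released upgrade patches that fix this security issue. Patch download links: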
        Linux-HA heartbeat 1.2.3
        Mandriva heartbeat-1.2.3-2.3.C30mdk.i586.rpm
        Corporate 3.0:
        http://wwwnew.mandriva.com/en/downloads
        Mandriva heartbeat-1.2.3-2.3.C30mdk.x86_64.rpm
        Corporate 3.0:
        http://wwwnew.mandriva.com/en/downloads
        Mandriva heartbeat-ldirectord-1.2.3-2.3.C30mdk.i586.rpm
        Corporate 3.0:
        http://wwwnew.mandriva.com/en/downloads
        Mandriva heartbeat-ldirectord-1.2.3-2.3.C30mdk.x86_64.rpm
        Corporate 3.0:
        http://wwwnew.mandriva.com/en/downloads
        Mandriva heartbeat-pils-1.2.3-2.3.C30mdk.i586.rpm
        Corporate 3.0:
        http://wwwnew.mandriva.com/en/downloads
        Mandriva heartbeat-pils-1.2.3-2.3.C30mdk.x86_64.rpm
        Corporate 3.0:
        http://wwwnew.mandriva.com/en/downloads
        Mandriva heartbeat-stonith-1.2.3-2.3.C30mdk.i586.rpm
        Corporate 3.0:
        http://wwwnew.mandriva.com/en/downloads
        Mandriva heartbeat-stonith-1.2.3-2.3.C30mdk.x86_64.rpm
        Corporate 3.0:
        http://wwwnew.mandriva.com/en/downloads
        Mandriva lib64heartbeat-pils0-1.2.3-2.3.C30mdk.x86_64.rpm
        Corporate 3.0:
        http://wwwnew.mandriva.com/en/downloads
        Mandriva lib64heartbeat-pils0-devel-1.2.3-2.3.C30mdk.x86_64.rpm
        Corporate 3.0:
        http://wwwnew.mandriva.com/en/downloads
        Mandriva lib64heartbeat-stonith0-1.2.3-2.3.C30mdk.x86_64.rpm
        Corporate 3.0:
        http://wwwnew.mandriva.com/en/downloads
        Mandriva lib64heartbeat-stonith0-devel-1.2.3-2.3.C30mdk.x86_64.rpm
        Corporate 3.0:
        http://wwwnew.mandriva.com/en/downloads
        Mandriva lib64heartbeat0-1.2.3-2.3.C30mdk.x86_64.rpm
        Corporate 3.0:
        http://wwwnew.mandriva.com/en/downloads
        Mandriva lib64heartbeat0-devel-1.2.3-2.3.C30mdk.x86_64.rpm
        Corporate 3.0:
        http://wwwnew.mandriva.com/en/downloads
        Mandriva libheartbeat-pils0-1.2.3-2.3.C30mdk.i586.rpm
        Corporate 3.0:
        http://wwwnew.mandriva.com/en/downloads
        Mandriva libheartbeat-pils0-devel-1.2.3-2.3.C30mdk.i586.rpm
        Corporate 3.0:
        http://wwwnew.mandriva.com/en/downloads
        Mandriva libheartbeat-stonith0-1.2.3-2.3.C30mdk.i586.rpm
        Corporate 3.0:
        http://wwwnew.mandriva.com/en/downloads
        Mandriva libheartbeat-stonith0-devel-1.2.3-2.3.C30mdk.i586.rpm
        Corporate 3.0:
        http://wwwnew.mandriva.com/en/downloads
        Mandriva libheartbeat0-1.2.3-2.3.C30mdk.i586.rpm
        Corporate 3.0:
        http://wwwnew.mandriva.com/en/downloads
        Mandriva libheartbeat0-devel-1.2.3-2.3.C30mdk.i586.rpm
        Corporate 3.0:
        http://wwwnew.mandriva.com/en/downloads
        Linux-HA heartbeat 2.0
        Linux-HA heartbeat-2.0.7.tar.gz
        http://linux-ha.org/download/heartbeat-2.0.7.tar.gz
        Linux-HA heartbeat 2.0.1
        Linux-HA heartbeat-2.0.7.tar.gz
        http://linux-ha.org/download/heartbeat-2.0.7.tar.gz
        Linux-HA heartbeat 2.0.2
        Linux-HA heartbeat-2.0.7.tar.gz
        http://linux-ha.org/download/heartbeat-2.0.7.tar.gz
        Linux-HA heartbeat 2.0.3
        Linux-HA heartbeat-2.0.7.tar.gz
        http://linux-ha.org/download/heartbeat-2.0.7.tar.gz
        Linux-HA heartbeat 2.0.4
        Linux-HA heartbeat-2.0.7.tar.gz
        http://linux-ha.org/download/heartbeat-2.0.7.tar.gz
        Linux-HA heartbeat 2.0.5
        Linux-HA heartbeat-2.0.7.tar.gz
        http://linux-ha.org/download/heartbeat-2.0.7.tar.gz
        

- Vulnerability information (F49467)

Gentoo Linux Security Advisory 200608-23 (PacketStormID:F49467)
2006-08-28 00:00:00
Gentoo  security.gentoo.org
advisory,local
linux,gentoo
CVE-2006-3121,CVE-2006-3815

Gentoo Linux Security Advisory GLSA 200608-23 - Yan Rong Ge discovered that the peel_netstring() function in cl_netstring.c does not validate the length parameter of user input, which can lead to an out-of-bounds memory access when processing certain Heartbeat messages. Furthermore an unspecified local DoS issue was fixed. Versions less than 2.0.7 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200608-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Heartbeat: Denial of Service
      Date: August 24, 2006
      Bugs: #141894
        ID: 200608-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Heartbeat is vulnerable to a Denial of Service which can be triggered
by a remote attacker without authentication.

Background
==========

Heartbeat is a component of the High-Availability Linux project. It is
used to perform death-of-node detection, communications and cluster
management.

Affected packages
=================

    -------------------------------------------------------------------
     Package                /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  sys-cluster/heartbeat       < 2.0.7                      >= 2.0.7

Description
===========

Yan Rong Ge discovered that the peel_netstring() function in
cl_netstring.c does not validate the "length" parameter of user input,
which can lead to an out-of-bounds memory access when processing
certain Heartbeat messages (CVE-2006-3121). Furthermore an unspecified
local DoS issue was fixed (CVE-2006-3815).

Impact
======

By sending a malicious UDP Heartbeat message, even before
authentication, a remote attacker can crash the master control process
of the cluster.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Heartbeat users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-cluster/heartbeat-2.0.7"

References
==========

  [ 1 ] CVE-2006-3121
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3121
  [ 2 ] CVE-2006-3815
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3815

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200608-23.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
    

- Vulnerability information (F49305)

Mandriva Linux Security Advisory 2006.142 (PacketStormID:F49305)
2006-08-27 00:00:00
Mandriva  mandriva.com
advisory,vulnerability
linux,mandriva
CVE-2006-3121,CVE-2006-3815

Mandriva Linux Security Advisory MDKSA-2006-142 - Two vulnerabilities in heartbeat versions prior to 2.0.6 were discovered by Yan Rong Ge.


 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:142
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : heartbeat
 Date    : August 14, 2006
 Affected: 2006.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Two vulnerabilities in heartbeat prior to 2.0.6 were discovered by Yan
 Rong Ge.  The first is that heartbeat would set insecure permissions in
 an shmget call for shared memory, allowing a local attacker to cause an
 unspecified denial of service via unknown vectors (CVE-2006-3815).
 
 The second is a remote vulnerability that could allow the master
 control process to read invalid memory due to a specially crafted
 heartbeat message and die of a SEGV, all prior to any authentication
 (CVE-2006-3121).
 
 Updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3121
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3815
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

    

- Vulnerability information (F48759)

Debian Linux Security Advisory 1128-1 (PacketStormID:F48759)
2006-08-03 00:00:00
Debian  debian.org
advisory,denial of service,local
linux,debian
CVE-2006-3815

Debian Security Advisory 1128-1 - Yan Rong Ge discovered that wrong permissions on a shared memory page in heartbeat, the subsystem for High-Availability Linux could be exploited by a local attacker to cause a denial of service.


--------------------------------------------------------------------------
Debian Security Advisory DSA 1128-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
July 28th, 2006                         http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : heartbeat
Vulnerability  : permission error
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2006-3815

Yan Rong Ge discovered that wrong permissions on a shared memory page
in heartbeat, the subsystem for High-Availability Linux could be
exploited by a local attacker to cause a denial of service.

For the stable distribution (sarge) this problem has been fixed in
version 1.2.3-9sarge5.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your heartbeat packages.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
--------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>


    

- Vulnerability Information (F48659)

Ubuntu Security Notice 326-1 (PacketStormID:F48659)
2006-07-28 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,local
linux,ubuntu
CVE-2006-3815

Ubuntu Security Notice USN-326-1 - Yan Rong Ge discovered that heartbeat did not set proper permissions for an allocated shared memory segment. A local attacker could exploit this to render the heartbeat service unavailable causing a denial of service condition.

=========================================================== 
Ubuntu Security Notice USN-326-1              July 27, 2006
heartbeat vulnerability
CVE-2006-3815
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  heartbeat                                1.2.3-3ubuntu1.2

Ubuntu 5.10:
  heartbeat                                1.2.3-12ubuntu0.1

Ubuntu 6.06 LTS:
  heartbeat                                1.2.4-2ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Yan Rong Ge discovered that heartbeat did not set proper permissions
for an allocated shared memory segment. A local attacker could exploit
this to render the heartbeat service unavailable (Denial of
Service).



    

- Vulnerability Information

27555
Heartbeat Shared Memory Insecure Permission Local DoS
Denial of Service
Loss of Availability
Vendor Verified

- Vulnerability Description

Unknown or Incomplete

- Timeline

2006-07-12 Unknown
Unknown Unknown

- Solution

Upgrade to version 2.0.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Linux-HA Heartbeat Insecure Default Permissions on Shared Memory Vulnerability
Class: Design Error
Bugtraq ID: 19186
Remote: No
Local: Yes
Published: 2006-07-27 12:00:00
Updated: 2006-10-11 09:44:00
This vulnerability was reported by the vendor.

- Affected Versions

Ubuntu Ubuntu Linux 5.10 sparc
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.04 powerpc
Ubuntu Ubuntu Linux 5.04 i386
Ubuntu Ubuntu Linux 5.04 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Linux-HA heartbeat 2.0.5
Linux-HA heartbeat 2.0.4
Linux-HA heartbeat 2.0.3
Linux-HA heartbeat 2.0.2
Linux-HA heartbeat 2.0.1
Linux-HA heartbeat 2.0
Linux-HA heartbeat 1.2.3
- Debian Linux 3.1 sparc
- Debian Linux 3.1 s/390
- Debian Linux 3.1 ppc
- Debian Linux 3.1 mipsel
- Debian Linux 3.1 mips
- Debian Linux 3.1 m68k
- Debian Linux 3.1 ia-64
- Debian Linux 3.1 ia-32
- Debian Linux 3.1 hppa
- Debian Linux 3.1 arm
- Debian Linux 3.1 alpha
- Debian Linux 3.1
Linux-HA heartbeat 1.2.2
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian apt-cacher 0.9.10
Linux-HA heartbeat 2.0.6

- Unaffected Versions

Linux-HA heartbeat 2.0.6

- Discussion

Since Linux-HA Heartbeat has insecure default permissions set on shared memory, local attackers may be able to cause a denial of service.

Exploitation would most likely result in a system crash, loss of data, and resource exhaustion, leading to a denial of service if critical files are accessed improperly or overwritten in the attack. Other attacks may be possible as well.

- Exploit

The following exploit is available:

- Solution

The vendor has released an upgrade that addresses this issue.

Please see the associated advisories for more information.


Linux-HA heartbeat 1.2.3

Linux-HA heartbeat 2.0

Linux-HA heartbeat 2.0.1

Linux-HA heartbeat 2.0.2

Linux-HA heartbeat 2.0.3

Linux-HA heartbeat 2.0.4

Linux-HA heartbeat 2.0.5

- References

 

 
