Linux-HA Heartbeat远程缓冲区溢出漏洞

admin
admin
admin
0
文章
0
评论
2022-07-22 09:52:44 CNNVD漏洞 来源:ZONE.CI 全球网 0 阅读模式

漏洞信息详情

Linux-HA Heartbeat远程缓冲区溢出漏洞

  • CNNVD编号:CNNVD-200210-294
  • 危害等级: 超危
  • CVE编号: CVE-2002-1215
  • 漏洞类型: 边界条件错误
  • 发布时间: 2002-10-28
  • 威胁类型: 远程
  • 更新时间: 2005-10-20
  • 厂        商: linux-ha
  • 漏洞来源: Nathan Wallwork

漏洞简介

Heartbeat是一款高可用性(High-Availability)Linux下的系统监视工具。 Linux-HA heartbeat在处理TCP包时存在问题,远程攻击者可以利用这个漏洞进行远程缓冲区溢出攻击,可能以root用户的权限在系统上执行任意指令。 如果系统把心跳信号通过Internet网络发送信息的情况下,远程攻击者可以发送特殊构建的TCP包触发缓冲区溢出,精心构建提交数据可能以root用户的权限在系统上执行任意指令。

漏洞公告

厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-174-1)以及相应补丁:

DSA-174-1:New heartbeat packages fix buffer overflows

链接: http://www.debian.org/security/2002/dsa-174

补丁下载:

Source archives:

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2.dsc

Size/MD5 checksum: 658 4e8837e9eb95922aa5afc247a494db5f

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2.diff.gz

Size/MD5 checksum: 46755 411725a4fd7aa7eef881cf51ba1a8cfb

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l.orig.tar.gz

Size/MD5 checksum: 308033 1dcae9e87ad2e5c2113e91a884c1ca8e

Architecture independent components:

http://security.debian.org/pool/updates/main/h/heartbeat/ldirectord_0.4.9.0l-7.2_all.deb

Size/MD5 checksum: 33118 27d3073cade1d823e0405755b9b4ebd1

Alpha architecture:

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2_alpha.deb

Size/MD5 checksum: 207742 bad9f314f54f855aca65766778a6c0b6

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.2_alpha.deb

Size/MD5 checksum: 15444 461b6552e2ad5ed112bbad3a13e083b7

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.2_alpha.deb

Size/MD5 checksum: 14078 1a03d5c6f3dff85bcd9a20e5b1286c79

http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.2_alpha.deb

Size/MD5 checksum: 63892 3a8013ede5a68f62af818bd6f13369ea

ARM architecture:

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2_arm.deb

Size/MD5 checksum: 193994 b2547bee30b2db32b8fd53943a6a0c1e

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.2_arm.deb

Size/MD5 checksum: 15108 1e284480e2ec8e1e45c11d6035847f37

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.2_arm.deb

Size/MD5 checksum: 13430 3424c37fbb757be208ac220636b1a3e6

http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.2_arm.deb

Size/MD5 checksum: 53572 9ee34e2dc31d9bb9eb7f430e9c259c3e

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2_i386.deb

Size/MD5 checksum: 185196 b59c131ae306280c722716ac3d54ac37

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.2_i386.deb

Size/MD5 checksum: 14786 c5524b1271c4dd6863d16af09b3f5427

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.2_i386.deb

Size/MD5 checksum: 13300 b95830c76892050c2f78e924a4881b6c

http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.2_i386.deb

Size/MD5 checksum: 51018 c1b98bd10d698030abde5e608a694762

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2_ia64.deb

Size/MD5 checksum: 259426 34814d6a05215a9cbd3e5c96420d16dd

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.2_ia64.deb

Size/MD5 checksum: 16156 65ff55faefafac7d4283ce57441d7d00

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.2_ia64.deb

Size/MD5 checksum: 15240 ff38757ef93dc3bf1027062c6f3bc06e

http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.2_ia64.deb

Size/MD5 checksum: 100186 cc86feab05680b136abd9730a42c49c7

HP Precision architecture:

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2_hppa.deb

Size/MD5 checksum: 195424 bd2d9eae9a1b3dd8fefd11c30520baa7

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.2_hppa.deb

Size/MD5 checksum: 15250 93505675caf2cb172abae2219ed0e5eb

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.2_hppa.deb

Size/MD5 checksum: 13620 e6d96de79a3c2963cad57c189ce4efd8

http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.2_hppa.deb

Size/MD5 checksum: 55176 d6b01189015ccf70c6cdb9e34dfa3253

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2_m68k.deb

Size/MD5 checksum: 187538 c5d11a2c4504d6c828fa34927faa2a4a

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.2_m68k.deb

Size/MD5 checksum: 14930 9bb0a67c7b56e72a6053e3c4ab175079

http://security.debian.org/pool/updates/main/h/

参考网址

来源: BID 名称: 5955 链接:http://www.securityfocus.com/bid/5955 来源: DEBIAN 名称: DSA-174 链接:http://www.debian.org/security/2002/dsa-174 来源: SUSE 名称: SuSE-SA:2002:037 链接:http://www.novell.com/linux/security/advisories/2002_037_heartbeat.HTML 来源: XF 名称: linuxha-heartbeat-bo(10357) 链接:http://www.iss.net/security_center/static/10357.php 来源: linux-ha.org 链接:http://linux-ha.org/security/sec01.txt 来源: CONECTIVA 名称: CLA-2002:540 链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000540

受影响实体

  • Linux-Ha Heartbeat:0.4.9  
  • Linux-Ha Heartbeat:0.4.9  

补丁

    暂无

weinxin
特别声明
本站(ZONE.CI)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
咨询加Q:999999999
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
ZONE.CI 全球网 安全领域涉猎者-乌云独行地带
获取本源码
售前咨询加Q:120433200
站媒体网仿《知更鸟》模板
获取本源码 zmt6.com
评论:0   参与:  0