CVE-2006-3815
published 2006-07-25CVE-2006-3815: heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of…
PriorityP49low2.1CVSS 2.0
AVLACLAuNCNINAP
EXPLOIT
EPSS
0.78%
51.2th percentile
heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | heartbeat | < heartbeat 1.2.4-13 (bookworm) | heartbeat 1.2.4-13 (bookworm) |
| heartbeat | heartbeat | >= 0 < 1.2.4-13 | 1.2.4-13 |
| heartbeat | heartbeat | >= 0 < 1.2.4-13 | 1.2.4-13 |
| heartbeat | heartbeat | >= 0 < 1.2.4-13 | 1.2.4-13 |
| heartbeat | heartbeat | >= 0 < 1.2.4-13 | 1.2.4-13 |
| linux-ha | heartbeat | <= 2.0.5 | — |
CVSS provenance
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:N/I:N/A:P
osv2.1LOW
vendor_debian2.1LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-32c9-8jgc-9c8c: heartbeat
ghsa_unreviewed·2022-05-01
CVE-2006-3815 [LOW] GHSA-32c9-8jgc-9c8c: heartbeat
heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup.
OSV
CVE-2006-3815: heartbeat
osv·2006-07-25·CVSS 2.1
CVE-2006-3815 [LOW] CVE-2006-3815: heartbeat
heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup.
Ubuntu
heartbeat vulnerability
vendor_ubuntu·2006-07-28
CVE-2006-3815 heartbeat vulnerability
Title: heartbeat vulnerability
Summary: heartbeat vulnerability
Yan Rong Ge discovered that heartbeat did not set proper permissions
for an allocated shared memory segment. A local attacker could exploit
this to render the heartbeat service unavailable (Denial of
Service).
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Debian
CVE-2006-3815: heartbeat - heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call...
vendor_debian·2006·CVSS 2.1
CVE-2006-3815 [LOW] CVE-2006-3815: heartbeat - heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call...
heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup.
Scope: local
bookworm: resolved (fixed in 1.2.4-13)
bullseye: resolved (fixed in 1.2.4-13)
forky: resolved (fixed in 1.2.4-13)
sid: resolved (fixed in 1.2.4-13)
trixie: resolved (fixed in 1.2.4-13)
No detection rules found.
No writeups or analysis indexed.
http://cvs.linux-ha.org/viewcvs/viewcvs.cgi/linux-ha/heartbeat/heartbeat.c?r1=1.513&r2=1.514http://secunia.com/advisories/21162http://secunia.com/advisories/21231http://secunia.com/advisories/21240http://secunia.com/advisories/21521http://secunia.com/advisories/21629http://security.gentoo.org/glsa/glsa-200608-23.xmlhttp://securitytracker.com/id?1016602http://www.debian.org/security/2006/dsa-1128http://www.linux-ha.org/_cache/SecurityIssues__sec03.txthttp://www.mail-archive.com/linux-ha-cvs%40lists.linux-ha.org/msg00753.htmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:142http://www.securityfocus.com/bid/19186http://www.ubuntu.com/usn/usn-326-1http://www.vupen.com/english/advisories/2006/2994http://cvs.linux-ha.org/viewcvs/viewcvs.cgi/linux-ha/heartbeat/heartbeat.c?r1=1.513&r2=1.514http://secunia.com/advisories/21162http://secunia.com/advisories/21231http://secunia.com/advisories/21240http://secunia.com/advisories/21521http://secunia.com/advisories/21629http://security.gentoo.org/glsa/glsa-200608-23.xmlhttp://securitytracker.com/id?1016602http://www.debian.org/security/2006/dsa-1128http://www.linux-ha.org/_cache/SecurityIssues__sec03.txthttp://www.mail-archive.com/linux-ha-cvs%40lists.linux-ha.org/msg00753.htmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:142http://www.securityfocus.com/bid/19186http://www.ubuntu.com/usn/usn-326-1http://www.vupen.com/english/advisories/2006/2994
2006-07-25
Published