August 29, 2006
heartbeat Remote Denial of Service
Copyright notice: This article may be freely reproduced, provided that the original source of the article, the author information and this notice are indicated by hyperlink.
http://windtear.net/archives/2006/08/29/001069.html

http://www.linux-ha.org/
http://www.linux-ha.org/_cache/SecurityIssues__sec03.txt

08/13/2006: We have discovered a remote denial of service vulnerability in heartbeat, and also a potential local denial of service vulnerability. Upgrading to 2.0.7 or 1.2.5 is recommended at your earliest convenience. If this is not possible in the short term, it is recommended that you keep attackers off your heartbeat networks through either physical separation or firewalls.

- Remote Denial of Service attack (#195068, CVE-2006-3121).
- Local Denial of Service attack (#194444, CVE-2006-3815). (this one was actually fixed in 2.0.6)

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3121

--- heartbeat-1.2.3/lib/clplumbing/cl_netstring.c +++ heartbeat-1.2.3/lib/clplumbing/cl_netstring.c @@ -257,6 +257,11 @@ *data = sp; sp += (*len); + + if (sp >= smax ){ + return(HA_FAIL); + } + if (*sp != ','){ return(HA_FAIL); }

http://www.linux-ha.org/download/heartbeat-2.0.7-1.src.rpm
http://www.ultramonkey.org/
http://www.ultramonkey.org/download/3/rh.el.3/RPMS/
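Review bot: In the cl_netstring.c hunk above, the added `if (sp >= smax )` test runs only after `sp += (*len)` has already advanced the pointer, and nothing in the visible lines bounds `*len` before that addition. If `*len` is a signed type and can be negative, the pointer ends up before the data and still passes the `sp >= smax` test; if it is much larger than the bytes remaining, the addition itself forms a pointer outside the buffer, which is undefined behaviour in C before the comparison is ever reached. Consider checking the length against the remaining space before advancing, for example `if (*len < 0 || *len >= smax - sp) return(HA_FAIL);`, and add a short comment saying what `smax` denotes so the intent of the bound is clear to the next reader.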
Posted by windtear at August 29, 2006 11:40 PM