CVE-2002-1215

Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier (claimed as buffer overflows in some sources) allow remote attackers to execute arbitrary code via certain packets to UDP port 694 (incorrectly claimed as TCP in some sources).

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000540
http://linux-ha.org/security/sec01.txt
http://www.debian.org/security/2002/dsa-174	Patch Vendor Advisory
http://www.iss.net/security_center/static/10357.php	Vendor Advisory
http://www.novell.com/linux/security/advisories/2002_037_heartbeat.html
http://www.securityfocus.com/bid/5955	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:linux-ha:heartbeat:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2002-10-28 05:00

Updated : 2008-09-10 19:14

NVD link : CVE-2002-1215

Mitre link : CVE-2002-1215

CVE.ORG link : CVE-2002-1215

JSON object : View

Products Affected

linux-ha

heartbeat

CWE

NVD-CWE-Other

{"id": "CVE-2002-1215", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2002-10-28T05:00:00.000", "references": [{"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000540", "source": "cve@mitre.org"}, {"url": "http://linux-ha.org/security/sec01.txt", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2002/dsa-174", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/10357.php", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.novell.com/linux/security/advisories/2002_037_heartbeat.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/5955", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier (claimed as buffer overflows in some sources) allow remote attackers to execute arbitrary code via certain packets to UDP port 694 (incorrectly claimed as TCP in some sources)."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de formato de cadena en heartbeat 0.4.9 y anteriores permiten a atacantes remotos ejecutar c\u00f3digo arbitrario mediante ciertos paquetes al puerto UDP 694."}], "lastModified": "2008-09-10T19:14:03.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:linux-ha:heartbeat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D2BFEC4-AC06-4F3F-92E4-951431588499", "versionEndIncluding": "0.4.9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}