Heartbeat Vulnerability
Created 10/18/02
CAN 2002-1215
Impact
A remote attacker could execute arbitrary code on the
server with root privileges.
Background
Heartbeat is an availability monitoring package for Linux
developed by the High-Availability Linux Project.
The Problem
Heartbeat version 0.4.9.1 and 0.4.9 beta versions a through d
are affected by a format string vulnerability which could
allow a remote attacker to execute arbitrary commands with
root privileges. The SuSE 8.0 and 8.1 and Debian 3.0 operating
systems are known to be affected by this vulnerability.
Resolution
Download Heartbeat 0.4.9.2 or higher, or install an updated
package from your vendor.
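To check an upstream Heartbeat version string against the
versions named in this advisory, the shell function below can
be used. It is an added example, not part of the original
advisory or of the Heartbeat project, and it assumes the beta
releases are written 0.4.9a through 0.4.9d. Vendor packages
carry their own version numbers and must be checked against
the vendor's advisory instead.

```shell
#!/bin/sh
# Added example: classify an upstream Heartbeat version string.
# Assumption: beta releases are written "0.4.9a" .. "0.4.9d".
# Prints one of: affected | fixed | not-listed | unparsed

classify_heartbeat_version() {
    v=$1
    # Versions the advisory names as affected.
    case $v in
        0.4.9[a-d]|0.4.9.1) echo affected; return 0 ;;
    esac
    # Anything else must be dotted-numeric to be compared.
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) echo unparsed; return 0 ;;
    esac
    # Field-by-field numeric comparison against 0.4.9.2, the first
    # fixed release. Missing fields count as 0. Older versions the
    # advisory does not mention are reported as not-listed.
    printf '%s\n' "$v" | awk -F. '{
        split("0.4.9.2", fix, ".")
        n = (NF > 4) ? NF : 4
        for (i = 1; i <= n; i++) {
            a = (i <= NF) ? $i + 0 : 0
            b = (i <= 4) ? fix[i] + 0 : 0
            if (a > b) { print "fixed"; exit }
            if (a < b) { print "not-listed"; exit }
        }
        print "fixed"
    }'
}

# Constructed sample inputs, not taken from a real system.
for s in 0.4.9c 0.4.9.1 0.4.9.2 0.4.10 0.4.8; do
    printf '%s\t%s\n' "$s" "$(classify_heartbeat_version "$s")"
done
```

A result of not-listed or unparsed means the advisory text does
not settle the question for that version string.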
Where can I read more about this?
This vulnerability was reported in Debian Security Advisory
174, SuSE Security Announcement 2002:037, and a security
announcement from the High-Availability Linux Project.