Search for vulnerabilities
Vulnerability details: VCID-36v2-8464-aaae
Vulnerability ID VCID-36v2-8464-aaae
Aliases CVE-2006-3815
Summary heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup.
Status Published
Exploitability 2.0
Weighted Severity 1.9
Risk 3.8
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-264 Permissions, Privileges, and Access Controls
System Score Found at
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.0017 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2006-3815
cvssv2 2.1 https://nvd.nist.gov/vuln/detail/CVE-2006-3815
Reference id Reference type URL
http://cvs.linux-ha.org/viewcvs/viewcvs.cgi/linux-ha/heartbeat/heartbeat.c?r1=1.513&r2=1.514
https://api.first.org/data/v1/epss?cve=CVE-2006-3815
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3815
http://secunia.com/advisories/21162
http://secunia.com/advisories/21231
http://secunia.com/advisories/21240
http://secunia.com/advisories/21521
http://secunia.com/advisories/21629
http://security.gentoo.org/glsa/glsa-200608-23.xml
http://securitytracker.com/id?1016602
http://www.debian.org/security/2006/dsa-1128
http://www.linux-ha.org/_cache/SecurityIssues__sec03.txt
http://www.mail-archive.com/linux-ha-cvs%40lists.linux-ha.org/msg00753.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:142
http://www.securityfocus.com/bid/19186
http://www.ubuntu.com/usn/usn-326-1
http://www.vupen.com/english/advisories/2006/2994
379904 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=379904
cpe:2.3:a:linux-ha:heartbeat:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linux-ha:heartbeat:*:*:*:*:*:*:*:*
CVE-2006-3815 https://nvd.nist.gov/vuln/detail/CVE-2006-3815
CVE-2006-3815;OSVDB-27555 Exploit http://secunia.com/advisories/21162/
CVE-2006-3815;OSVDB-27555 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/28287.c
GLSA-200608-23 https://security.gentoo.org/glsa/200608-23
USN-326-1 https://usn.ubuntu.com/326-1/
Data source Exploit-DB
Date added July 27, 2006
Description Linux-HA Heartbeat 1.2.3/2.0.x - Insecure Default Permissions on Shared Memory
Ransomware campaign use Known
Source publication date July 27, 2006
Exploit type local
Platform linux
Source update date Sept. 15, 2013
Source URL http://secunia.com/advisories/21162/
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2006-3815
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.00344
EPSS Score 0.00042
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.