This script is Copyright (C) 2006-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200608-23
(Heartbeat: Denial of Service)
Yan Rong Ge discovered that the peel_netstring() function in
cl_netstring.c does not validate the 'length' parameter of user input,
which can lead to an out-of-bounds memory access when processing
certain Heartbeat messages (CVE-2006-3121). Furthermore, an unspecified
local DoS issue was fixed (CVE-2006-3815).
By sending a malicious UDP Heartbeat message, even before
authentication, a remote attacker can crash the master control process
of the cluster.
There is no known workaround at this time.
All Heartbeat users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose sys-cluster/heartbeat
Risk factor: Medium / CVSS Base Score: 5.0
Family: Gentoo Local Security Checks
Nessus Plugin ID: 22285 (gentoo_GLSA-200608-23.nasl)
CVE ID: CVE-2006-3121, CVE-2006-3815