Linux-HA Heartbeat Insecure Default Permissions on Shared Memory Vulnerability

Bugtraq ID:	19186
Class:	Design Error
CVE:	CVE-2006-3815
Remote:	No
Local:	Yes
Published:	Jul 27 2006 12:00AM
Updated:	Oct 11 2006 09:44PM
Credit:	This vulnerability was reported by the vendor.
Vulnerable:	Ubuntu Ubuntu Linux 5.10 sparc Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 MandrakeSoft Linux Mandrake 2006.0 x86_64 MandrakeSoft Linux Mandrake 2006.0 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 Linux-HA heartbeat 2.0.5 Linux-HA heartbeat 2.0.4 Linux-HA heartbeat 2.0.3 Linux-HA heartbeat 2.0.2 Linux-HA heartbeat 2.0.1 Linux-HA heartbeat 2.0 Linux-HA heartbeat 1.2.3 - Debian Linux 3.1 sparc - Debian Linux 3.1 s/390 - Debian Linux 3.1 ppc - Debian Linux 3.1 mipsel - Debian Linux 3.1 mips - Debian Linux 3.1 m68k - Debian Linux 3.1 ia-64 - Debian Linux 3.1 ia-32 - Debian Linux 3.1 hppa - Debian Linux 3.1 arm - Debian Linux 3.1 alpha - Debian Linux 3.1 Linux-HA heartbeat 1.2.2 Gentoo Linux Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Debian apt-cacher 0.9.10

Not Vulnerable:	Linux-HA heartbeat 2.0.6