Debian Security Advisory

DSA-174-1 heartbeat -- buffer overflow

Date Reported:
14 Oct 2002
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2002-1215.
More information:

Nathan Wallwork discovered a buffer overflow in heartbeat, a subsystem for High-Availability Linux. A remote attacker could send a specially crafted UDP packet that overflows a buffer, causing heartbeat to execute arbitrary code as root.

This problem has been fixed in version for the current stable distribution (woody) and version for the unstable distribution (sid). The old stable distribution (potato) doesn't contain a heartbeat package.

We recommend that you upgrade your heartbeat package immediately if you run Internet-connected servers that are heartbeat-monitored.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Architecture-independent component:
Intel IA-32:
Intel IA-64:
HP Precision:
Motorola 680x0:
Big endian MIPS:
Little endian MIPS:
IBM S/390:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.