 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.108357 |
| Kategorie: | Denial of Service |
| Titel: | Memcached Amplification Attack (Memcrashed) |
| Zusammenfassung: | A publicly accessible Memcached server can be exploited to; participate in a Distributed Denial of Service (DDoS) attack. |
| Beschreibung: | Summary: A publicly accessible Memcached server can be exploited to participate in a Distributed Denial of Service (DDoS) attack. Vulnerability Insight: An Amplification attack is a popular form of Distributed Denial of Service (DDoS) that relies on the use of publicly accessible Memcached servers to overwhelm a victim system with response traffic. The basic attack technique consists of an attacker sending a valid query request to a Memcached server with the source address spoofed to be the victim's address. When the Memcached server sends the response, it is sent instead to the victim. Attackers will typically first inserting records into the open server to maximize the amplification effect. Because the size of the response is typically considerably larger than the request, the attacker is able to amplify the volume of traffic directed at the victim. By leveraging a botnet to perform additional spoofed queries, an attacker can produce an overwhelming amount of traffic with little effort. Additionally, because the responses are legitimate data coming from valid clients, it is especially difficult to block these types of attacks. Solution: The following mitigation possibilities are currently available: - Disable public access to the UDP port of this Memcached server. - Configure Memcached to only listen on localhost by specifying '--listen 127.0.0.1' on server startup. - Disable the UDP protocol by specifying '-U 0' on server startup. - Update to Memcached to 1.5.6 which disables the UDP protocol by default. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-1000115 Debian Security Information: DSA-4218 (Google Search) https://www.debian.org/security/2018/dsa-4218 https://www.exploit-db.com/exploits/44264/ https://www.exploit-db.com/exploits/44265/ https://blogs.akamai.com/2018/03/memcached-fueled-13-tbps-attacks.html https://github.com/memcached/memcached/commit/dbb7a8af90054bf4ef51f5814ef7ceb17d83d974 https://github.com/memcached/memcached/issues/348 https://github.com/memcached/memcached/wiki/ReleaseNotes156 https://twitter.com/dormando/status/968579781729009664 RedHat Security Advisories: RHBA-2018:2140 https://access.redhat.com/errata/RHBA-2018:2140 RedHat Security Advisories: RHSA-2018:1593 https://access.redhat.com/errata/RHSA-2018:1593 RedHat Security Advisories: RHSA-2018:1627 https://access.redhat.com/errata/RHSA-2018:1627 RedHat Security Advisories: RHSA-2018:2331 https://access.redhat.com/errata/RHSA-2018:2331 RedHat Security Advisories: RHSA-2018:2857 https://access.redhat.com/errata/RHSA-2018:2857 https://usn.ubuntu.com/3588-1/ |
| Copyright | Copyright (C) 2018 Greenbone Networks GmbH |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |