Denial of Service : Memcached Amplification Attack (Memcrashed)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.108357

Categoría: Denial of Service

Título: Memcached Amplification Attack (Memcrashed)

Resumen: A publicly accessible Memcached server can be exploited to; participate in a Distributed Denial of Service (DDoS) attack.

Descripción: Summary:
A publicly accessible Memcached server can be exploited to
participate in a Distributed Denial of Service (DDoS) attack.

Vulnerability Insight:
An Amplification attack is a popular form of Distributed Denial
of Service (DDoS) that relies on the use of publicly accessible Memcached servers to overwhelm a
victim system with response traffic.

The basic attack technique consists of an attacker sending a valid query request to a Memcached
server with the source address spoofed to be the victim's address. When the Memcached server sends
the response, it is sent instead to the victim. Attackers will typically first inserting records
into the open server to maximize the amplification effect. Because the size of the response is
typically considerably larger than the request, the attacker is able to amplify the volume of
traffic directed at the victim. By leveraging a botnet to perform additional spoofed queries, an
attacker can produce an overwhelming amount of traffic with little effort. Additionally, because
the responses are legitimate data coming from valid clients, it is especially difficult to block
these types of attacks.

Solution:
The following mitigation possibilities are currently available:

- Disable public access to the UDP port of this Memcached server.

- Configure Memcached to only listen on localhost by specifying '--listen 127.0.0.1' on server
startup.

- Disable the UDP protocol by specifying '-U 0' on server startup.

- Update to Memcached to 1.5.6 which disables the UDP protocol by default.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2018-1000115

Copyright Copyright (C) 2018 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.108357
Categoría:	Denial of Service
Título:	Memcached Amplification Attack (Memcrashed)
Resumen:	A publicly accessible Memcached server can be exploited to; participate in a Distributed Denial of Service (DDoS) attack.
Descripción:	Summary: A publicly accessible Memcached server can be exploited to participate in a Distributed Denial of Service (DDoS) attack. Vulnerability Insight: An Amplification attack is a popular form of Distributed Denial of Service (DDoS) that relies on the use of publicly accessible Memcached servers to overwhelm a victim system with response traffic. The basic attack technique consists of an attacker sending a valid query request to a Memcached server with the source address spoofed to be the victim's address. When the Memcached server sends the response, it is sent instead to the victim. Attackers will typically first inserting records into the open server to maximize the amplification effect. Because the size of the response is typically considerably larger than the request, the attacker is able to amplify the volume of traffic directed at the victim. By leveraging a botnet to perform additional spoofed queries, an attacker can produce an overwhelming amount of traffic with little effort. Additionally, because the responses are legitimate data coming from valid clients, it is especially difficult to block these types of attacks. Solution: The following mitigation possibilities are currently available: - Disable public access to the UDP port of this Memcached server. - Configure Memcached to only listen on localhost by specifying '--listen 127.0.0.1' on server startup. - Disable the UDP protocol by specifying '-U 0' on server startup. - Update to Memcached to 1.5.6 which disables the UDP protocol by default. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-1000115
Copyright	Copyright (C) 2018 Greenbone Networks GmbH