FreeBSD Local Security Checks : FreeBSD Ports: memcached

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.64787

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: memcached

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: memcached

CVE-2009-1255
The process_stat function in (1) Memcached before 1.2.8 and (2)
MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in
response to a stats maps command and (b) memory-allocation statistics
in response to a stats malloc command, which allows remote attackers
to obtain sensitive information such as the locations of memory
regions, and defeat ASLR protection, by sending a command to the
daemon's TCP port.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-1255
BugTraq ID: 34756
http://www.securityfocus.com/bid/34756
Bugtraq: 20090428 Positron Security Advisory #2009-001: Memcached and MemcacheDB ASLR Bypass Weakness (Google Search)
http://www.securityfocus.com/archive/1/503064/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00851.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01256.html
http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0282.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:105
http://www.positronsecurity.com/advisories/2009-001.html
http://osvdb.org/54127
http://www.securitytracker.com/id?1022140
http://secunia.com/advisories/34915
http://secunia.com/advisories/34932
http://secunia.com/advisories/35175
http://www.vupen.com/english/advisories/2009/1196
http://www.vupen.com/english/advisories/2009/1197
XForce ISS Database: memcachedb-procselfmaps-info-disclosure(50221)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50221

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.64787
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: memcached
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: memcached CVE-2009-1255 The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats maps command and (b) memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain sensitive information such as the locations of memory regions, and defeat ASLR protection, by sending a command to the daemon's TCP port. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1255 BugTraq ID: 34756 http://www.securityfocus.com/bid/34756 Bugtraq: 20090428 Positron Security Advisory #2009-001: Memcached and MemcacheDB ASLR Bypass Weakness (Google Search) http://www.securityfocus.com/archive/1/503064/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00851.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01256.html http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0282.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:105 http://www.positronsecurity.com/advisories/2009-001.html http://osvdb.org/54127 http://www.securitytracker.com/id?1022140 http://secunia.com/advisories/34915 http://secunia.com/advisories/34932 http://secunia.com/advisories/35175 http://www.vupen.com/english/advisories/2009/1196 http://www.vupen.com/english/advisories/2009/1197 XForce ISS Database: memcachedb-procselfmaps-info-disclosure(50221) https://exchange.xforce.ibmcloud.com/vulnerabilities/50221
Copyright	Copyright (C) 2009 E-Soft Inc.