Test ID: 1.3.6.1.4.1.25623.1.0.800715
Category: General
Title: Memcached < 1.2.8 Information Disclosure Vulnerabilities
Summary: Memcached is prone to multiple information disclosure vulnerabilities.
Description:

Vulnerability Insight:
- An error in the process_stat function discloses the contents of
/proc/self/maps in response to a stats maps command.

- An error in the process_stat function discloses memory allocation statistics in response to a
stats malloc command.

Vulnerability Impact:
Successful exploitation lets an attacker, by sending a crafted command to the daemon's TCP port,
reach the vulnerable function and gain sensitive information about the application, i.e. the
locations of memory regions, which can be used to defeat ASLR protections.

Affected Software/OS:
Memcached versions prior to 1.2.8.

Solution:
Update to version 1.2.8 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: BugTraq ID: 34756
Common Vulnerability Exposure (CVE) ID: CVE-2009-1255
http://www.securityfocus.com/bid/34756
Bugtraq: 20090428 Positron Security Advisory #2009-001: Memcached and MemcacheDB ASLR Bypass Weakness
http://www.securityfocus.com/archive/1/503064/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00851.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01256.html
http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0282.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:105
http://www.positronsecurity.com/advisories/2009-001.html
http://osvdb.org/54127
http://www.securitytracker.com/id?1022140
http://secunia.com/advisories/34915
http://secunia.com/advisories/34932
http://secunia.com/advisories/35175
http://www.vupen.com/english/advisories/2009/1196
http://www.vupen.com/english/advisories/2009/1197
XForce ISS Database: memcachedb-procselfmaps-info-disclosure(50221)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50221
Common Vulnerability Exposure (CVE) ID: CVE-2009-1494
http://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98&r=98
http://code.google.com/p/memcachedb/source/detail?r=98
http://code.google.com/p/memcachedb/source/diff?spec=svn98&r=98&format=side&path=/trunk/memcachedb.c
http://groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e
http://memcached.googlecode.com/files/memcached-1.2.8.tar.gz
XForce ISS Database: memcached-processstat-info-disclosure(50444)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50444
Copyright: Copyright (C) 2009 Greenbone Networks GmbH
