Memcached Information Disclosure Vulnerabilities

Summary
The host is running Memcached and is prone to Information Disclosure Vulnerabilities.
Impact
Successful exploitation lets an attacker send crafted commands to the daemon's TCP port and have them passed to the vulnerable functions, gaining sensitive information about the application, i.e. the locations of memory regions, which can be used to defeat ASLR protections.
Solution
Upgrade to the latest version, 1.2.8: http://www.danga.com/memcached
Insight
- An error in the process_stat function discloses the contents of /proc/self/maps in response to a stats maps command.
- An error in the process_stat function discloses memory allocation statistics in response to a stats malloc command.
Affected
Memcached versions prior to 1.2.8
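
An added example (not part of the original advisory or of Memcached itself) of a defender-side check: it classifies a version reply against the fixed release 1.2.8 and flags the two stats subcommands named under Insight in captured text-protocol command lines. The function names and the sample capture are constructed for illustration.

```python
import re

FIXED = (1, 2, 8)                 # fixed release named in the advisory
DISCLOSING = {"maps", "malloc"}   # stats subcommands named under Insight


def parse_version(reply: str):
    """Parse 'VERSION x.y.z' (or a 'STAT version x.y.z' line) into a tuple."""
    m = re.search(r"(?i)\bversion\s+(\d+)\.(\d+)\.(\d+)", reply)
    if not m:
        raise ValueError(f"no version found in reply: {reply!r}")
    return tuple(int(g) for g in m.groups())


def is_affected(reply: str) -> bool:
    """True when the reported version is prior to 1.2.8."""
    return parse_version(reply) < FIXED


def flag_commands(lines):
    """Return (line_number, command) for each 'stats maps' / 'stats malloc' request."""
    hits = []
    for n, raw in enumerate(lines, 1):
        parts = raw.strip().split()
        if len(parts) >= 2 and parts[0] == "stats" and parts[1] in DISCLOSING:
            hits.append((n, " ".join(parts[:2])))
    return hits


# Constructed sample: client command lines as they might appear in a capture.
CAPTURED = [
    "get session:42",
    "stats",
    "stats maps",
    "stats malloc",
    "stats items",
]

if __name__ == "__main__":
    print("affected:", is_affected("VERSION 1.2.6\r\n"))
    for line_no, cmd in flag_commands(CAPTURED):
        print(f"line {line_no}: {cmd}")
```
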