Computer Security
[EN] securityvulns.ru no-pyccku


Memcached / MemcacheDB information leak
Published:01.05.2009
Source:
SecurityVulns ID:9881
Type:remote
Threat Level:
3/10
Description:Unauthorized user can obtain information about process memory layout, making code execution protection techniques ineffective.
Affected:MEMCACHED : memcached 1.2
 MEMCACHEDB : memcacheDB 1.2
CVE:CVE-2009-1255 (The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats maps command and (b) memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain sensitive information such as the locations of memory regions, and defeat ASLR protection, by sending a command to the daemon's TCP port.)
Original documentdocumentPositron Security, Positron Security Advisory #2009-001: Memcached and MemcacheDB ASLR Bypass Weakness (01.05.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod