Computer Security
[EN] securityvulns.ru no-pyccku


memcached multiple security vulnerabilities
updated since 08.01.2014
Published:29.01.2014
Source:
SecurityVulns ID:13479
Type:remote
Threat Level:
6/10
Description:Authentication bypass if SASL is used, few DoS conditions.
Affected:MEMCACHED : memcached 1.4
CVE:CVE-2013-7291 (memcached before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (crash) via a request that triggers an "unbounded key print" during logging, related to an issue that was "quickly grepped out of the source tree," a different vulnerability than CVE-2013-0179 and CVE-2013-7290.)
 CVE-2013-7290 (The do_item_get function in items.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr, a different vulnerability than CVE-2013-0179.)
 CVE-2013-7239 (memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials.)
 CVE-2013-0179 (The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr.)
Original documentdocumentMANDRIVA, [ MDVSA-2014:010 ] memcached (29.01.2014)
 documentDEBIAN, [SECURITY] [DSA 2832-1] memcached security update (08.01.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod