Gentoo Foundation, GLSA-201406-13
Jun 15, 2014 - 12:00 a.m.

memcached: Multiple vulnerabilities

security.gentoo.org

CVSS2: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.147
Percentile: 95.9%

Background

memcached is a high-performance, distributed memory object caching system.

Description

memcached authentication could be bypassed when using SASL due to a flaw related to SASL authentication state. In addition, several heap-based buffer overflows caused by integer conversions when parsing certain length attributes were discovered.

Impact

A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition or authenticate with invalid SASL credentials, bypassing memcached authentication completely.

Workaround

There is no known workaround at this time.

Resolution

All memcached users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/memcached-1.4.17"

OS      Version  Architecture  Package             Version   Filename
Gentoo  any      all           net-misc/memcached  < 1.4.17  UNKNOWN
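
To confirm which hosts still run an affected build, the following added example (not part of the advisory) classifies a version string against the 1.4.17 threshold given above. It assumes the input is either the first line of `memcached -h` (of the form "memcached 1.4.15") or a Gentoo package atom, and that GNU `sort -V` is available; the function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify memcached versions against the GLSA-201406-13 fix.
FIXED="1.4.17"   # first unaffected version, taken from the advisory

# Pull the upstream version out of a banner ("memcached 1.4.15") or a
# Gentoo atom ("net-misc/memcached-1.4.15-r1"); the -rN revision is dropped.
extract_version() {
    printf '%s\n' "$1" \
        | sed -n 's/.*memcached[ -]\([0-9][0-9.]*\).*/\1/p' \
        | head -n 1
}

# Exit status: 0 = lower than FIXED (affected), 1 = FIXED or newer,
# 2 = not a dotted numeric version.
is_affected() {
    v=$1
    case "$v" in
        ''|*[!0-9.]*) return 2 ;;
    esac
    [ "$v" = "$FIXED" ] && return 1
    # sort -V compares component-wise, so 1.4.5 sorts before 1.4.17
    # (a plain string comparison would get this wrong).
    lowest=$(printf '%s\n%s\n' "$v" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$v" ]
}

# Print "affected", "fixed" or "unknown" for one banner or atom.
classify() {
    ver=$(extract_version "$1")
    is_affected "$ver" && rc=0 || rc=$?
    case $rc in
        0) echo "affected" ;;
        1) echo "fixed" ;;
        *) echo "unknown" ;;
    esac
}

# Constructed sample inputs, not real inventory data.
for sample in "memcached 1.4.5" "net-misc/memcached-1.4.15-r1" \
              "memcached 1.4.17" "memcached 1.5.22"; do
    printf '%-32s %s\n' "$sample" "$(classify "$sample")"
done
```

On a live host the input would come from `memcached -h | head -n 1`; an "unknown" result should be treated as needing manual inspection rather than as fixed.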
