Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT_UNPATCHED_MEMCACHED-RHEL7.NASL
HistoryJun 03, 2024 - 12:00 a.m.

RHEL 7 : memcached (Unpatched Vulnerability)

2024-06-0300:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
redhat enterprise linux
memcached
unpatched vulnerability
integer overflow
denial of service
network amplification

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.964 High

EPSS

Percentile

99.6%

JSON

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  • memcached: Integer Overflow in items.c:item_free() (CVE-2018-1000127)

  • The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8705. (CVE-2017-9951)

  • Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default. (CVE-2018-1000115)

Note that Nessus has not tested for these issues but has instead relied on the package manager’s report that the package is installed.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory memcached. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(199970);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/03");

  script_cve_id("CVE-2017-9951", "CVE-2018-1000115", "CVE-2018-1000127");

  script_name(english:"RHEL 7 : memcached (Unpatched Vulnerability)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat 7 host is affected by multiple vulnerabilities that will not be patched.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple
vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - memcached: Integer Overflow in items.c:item_free() (CVE-2018-1000127)

  - The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a
    denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between
    signed and unsigned int and triggers a heap-based buffer over-read. NOTE: this vulnerability exists
    because of an incomplete fix for CVE-2016-8705. (CVE-2017-9951)

  - Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification,
    CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via
    network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack
    appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have
    been fixed in 1.5.6 due to the disabling of the UDP protocol by default. (CVE-2018-1000115)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package
is installed.");
  script_set_attribute(attribute:"solution", value:
"The vendor has acknowledged the vulnerabilities but no solution has been provided. Refer to the vendor for remediation
guidance.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1000127");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:memcached");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item("global_settings/vendor_unpatched"))
exit(0, "Unpatched Vulnerabilities Detection not active.");

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'pkgs': [
      {'reference':'memcached', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'memcached'}
    ]
  }
];


var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);
  foreach var pkg ( constraint_array['pkgs'] ) {
    var unpatched_pkg = NULL;
    var _release = NULL;
    var sp = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['unpatched_pkg'])) unpatched_pkg = pkg['unpatched_pkg'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (unpatched_pkg &&
        _release &&
        (!exists_check || rpm_exists(release:_release, rpm:exists_check)) &&
        unpatched_package_exists(release:_release, package:unpatched_pkg, cves: cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : unpatched_packages_report()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'memcached');
}
VendorProductVersionCPE
redhatenterprise_linuxmemcachedp-cpe:/a:redhat:enterprise_linux:memcached
redhatenterprise_linux7cpe:/o:redhat:enterprise_linux:7

Related

debian 7
nessus 48
openvas 38
osv 9
rosalinux 1
cve 4
veracode 4
fedora 7
alpinelinux 3
ubuntucve 4
cvelist 4
prion 4
debiancve 4
ubuntu 3
redhatcve 3
nvd 4
redhat 8
rapid7blog 1
talos 1
checkpoint_advisories 2
amazon 3
altlinux 2
suse 4
thn 3
f5 1
mageia 3
centos 2
ibm 4
archlinux 1
packetstorm 1
freebsd 1
oraclelinux 2
gentoo 1
debian
debian
[SECURITY] [DSA 4218-1] memcached security update
2018-06-06 18:52:34
[SECURITY] [DSA 4218-1] memcached security update
2018-06-06 18:52:34
[SECURITY] [DLA 1033-1] memcached security update
2017-07-20 09:08:07
nessus
nessus
RHEL 7 : memcached (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 6 : memcached (Unpatched Vulnerability)
2024-05-11 00:00:00
EulerOS 2.0 SP2 : memcached (EulerOS-SA-2019-2391)
2019-12-10 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-4218-1)
2018-06-05 00:00:00
Huawei EulerOS: Security Advisory for memcached (EulerOS-SA-2019-2391)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for memcached (EulerOS-SA-2020-1784)
2020-07-03 00:00:00
osv
osv
memcached - security update
2018-06-06 00:00:00
CVE-2017-9951
2017-07-17 13:18:30
memcached - security update
2018-03-29 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1917
2021-07-02 17:28:39
cve
cve
CVE-2017-9951
2017-07-17 13:18:30
CVE-2018-1000127
2018-03-13 21:29:00
CVE-2018-1000115
2018-03-05 14:29:00
veracode
veracode
Denial Of Service (DoS)
2020-05-10 23:24:29
Data Corruption
2019-01-15 09:25:19
Denial Of Service (DoS)
2019-01-15 09:21:25
fedora
fedora
[SECURITY] Fedora 26 Update: memcached-1.4.39-1.fc26
2017-11-22 02:32:28
[SECURITY] Fedora 25 Update: memcached-1.4.39-1.fc25
2017-11-22 05:09:09
[SECURITY] Fedora 26 Update: memcached-1.4.39-2.fc26
2018-04-22 00:59:35
alpinelinux
alpinelinux
CVE-2017-9951
2017-07-17 13:18:30
CVE-2016-8705
2017-01-06 21:59:01
CVE-2018-1000115
2018-03-05 14:29:00
ubuntucve
ubuntucve
CVE-2017-9951
2017-07-17 00:00:00
CVE-2018-1000127
2018-03-13 00:00:00
CVE-2016-8705
2016-11-02 00:00:00
cvelist
cvelist
CVE-2017-9951
2017-07-17 06:00:00
CVE-2018-1000127
2018-03-13 21:00:00
CVE-2016-8705
2017-01-06 21:00:00
prion
prion
Heap overflow
2017-07-17 13:18:00
Integer overflow
2018-03-13 21:29:00
Integer overflow
2017-01-06 21:59:00
debiancve
debiancve
CVE-2017-9951
2017-07-17 13:18:30
CVE-2018-1000127
2018-03-13 21:29:00
CVE-2016-8705
2017-01-06 21:59:01
ubuntu
ubuntu
Memcached vulnerabilities
2018-03-05 00:00:00
Memcached vulnerability
2018-03-19 00:00:00
Memcached vulnerabilities
2016-11-02 00:00:00
redhatcve
redhatcve
CVE-2017-9951
2017-07-17 20:18:35
CVE-2016-8705
2017-01-11 19:17:30
CVE-2018-1000115
2018-03-03 05:20:40
nvd
nvd
CVE-2017-9951
2017-07-17 13:18:30
CVE-2018-1000127
2018-03-13 21:29:00
CVE-2018-1000115
2018-03-05 14:29:00
redhat
redhat
(RHSA-2018:2290) Moderate: memcached security update
2018-07-30 17:28:24
(RHSA-2018:2331) Moderate: Red Hat OpenStack Platform 12.0 director security and bug fix update
2018-08-20 12:40:32
(RHSA-2018:2857) Moderate: Red Hat OpenStack Platform 8 director security and bug fix update
2018-10-02 18:36:19
rapid7blog
rapid7blog
NICER Protocol Deep Dive: Internet Exposure of memcached
2020-12-07 15:17:30
talos
talos
Memcached Server Update Remote Code Execution Vulnerability
2016-10-31 00:00:00
checkpoint_advisories
checkpoint_advisories
Memcached process_bin_update body_len Integer Overflow (CVE-2016-8705)
2016-11-29 00:00:00
Memcached Web-Servers Network Flood Denial of Service (CVE-2018-1000115)
2018-03-06 00:00:00
amazon
amazon
Medium: memcached
2018-03-07 21:14:00
Medium: memcached
2018-03-08 21:24:00
Important: memcached
2016-11-10 18:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package memcached version 1.5.6-alt1.M80P.1
2018-03-06 00:00:00
Security fix for the ALT Linux 8 package memcached version 1.4.33-alt1
2016-11-02 00:00:00
suse
suse
Security update for memcached (important)
2018-03-30 15:08:08
Security update for memcached (important)
2018-03-29 12:13:00
Security update for memcached (important)
2018-03-26 15:09:40
thn
thn
'Kill Switch' to Mitigate Memcached DDoS Attacks — Flush 'Em All
2018-03-08 06:53:00
Over 70,000 Memcached Servers Still Vulnerable to Remote Hacking
2017-07-18 04:52:00
Multiple Critical Remotely Exploitable Flaws Discovered in Memcached Caching System
2016-11-01 23:21:00
f5
f5
K63525027 : Memcached vulnerability CVE-2018-1000115
2018-03-20 00:00:00
mageia
mageia
Updated memcached packages disable UDP by default
2018-03-14 19:21:20
Updated memcached packages fix security vulnerability
2017-12-02 02:13:21
Updated memcached packages fix security vulnerability
2016-11-17 19:37:05
centos
centos
memcached security update
2016-11-28 22:32:14
memcached security update
2016-11-25 16:47:41
ibm
ibm
Security Bulletin: Vulnerability in memcached affects SmartCloud Entry (CVE-2016-8704, CVE-2016-8705)
2020-07-19 00:49:12
Security Bulletin: Vulnerabilities in Memcached affect IBM Tealeaf Customer Experience and IBM Tealeaf Customer Experience on Cloud Network Capture Add-On
2018-06-16 20:07:47
Security Bulletin: Multiple Security Issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On
2018-07-10 16:24:55
archlinux
archlinux
[ASA-201611-1] memcached: arbitrary code execution
2016-11-01 00:00:00
packetstorm
packetstorm
Memcached 1.4.33 Proof Of Concept
2016-11-03 00:00:00
freebsd
freebsd
memcached -- multiple vulnerabilities
2016-10-31 00:00:00
oraclelinux
oraclelinux
memcached security update
2016-11-23 00:00:00
memcached security update
2016-11-23 00:00:00
gentoo
gentoo
memcached: Multiple vulnerabilities
2017-01-02 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.964 High

EPSS

Percentile

99.6%

JSON
Related for REDHAT_UNPATCHED_MEMCACHED-RHEL7.NASL
debian7nessus48openvas38osv9rosalinux1cve4veracode4fedora7alpinelinux3ubuntucve4cvelist4prion4debiancve4ubuntu3redhatcve3nvd4redhat8rapid7blog1talos1checkpoint_advisories2amazon3altlinux2suse4thn3f51mageia3centos2ibm4archlinux1packetstorm1freebsd1oraclelinux2gentoo1