Lucene search
RootSSV:11168HistoryMay 01, 2009 - 12:00 a.m.
Memcached stats maps命令信息泄露漏洞
2009-05-0100:00:00
Root
www.seebug.org
17
0.008 Low
EPSS
Percentile
80.0%
BUGTRAQ ID: 34756
CVE(CAN) ID: CVE-2009-1255
Memcached是一个开源的多平台数据库缓存软件。
如果远程攻击者连接到了memcached的TCP端口(默认11211)并发布了stats maps命令,Memcached就会直接将/proc/self/maps的输出管道传输给客户端。这可能导致泄漏所分配内存区域的地址。
Danga Interactive memcached 1.2.7
MemcacheDB MemcacheDB 1.2
Danga Interactive
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://memcached.googlecode.com/files/memcached-1.2.8.tar.gz” target=“_blank”>http://memcached.googlecode.com/files/memcached-1.2.8.tar.gz</a>
Related
fedora
fedora
[SECURITY] Fedora 11 Update: memcached-1.2.8-1.fc11
2009-05-26 07:55:38
[SECURITY] Fedora 10 Update: memcached-1.2.8-1.fc10
2009-05-20 00:51:28
[SECURITY] Fedora 11 Update: memcached-1.2.8-2.fc11
2009-12-11 18:27:21
securityvulns
securityvulns
Positron Security Advisory #2009-001: Memcached and MemcacheDB ASLR Bypass Weakness
2009-05-01 00:00:00
Memcached / MemcacheDB information leak
2009-05-01 00:00:00
openvas
openvas
Fedora Core 11 FEDORA-2009-4542 (memcached)
2009-06-05 00:00:00
Fedora Core 10 FEDORA-2009-4199 (memcached)
2009-05-25 00:00:00
FreeBSD Ports: memcached
2009-09-02 00:00:00
nessus
nessus
FreeBSD : memcached -- memcached stats maps Information Disclosure Weakness (86ada694-8b30-11de-b9d0-000c6e274733)
2009-08-20 00:00:00
Memcached / MemcacheDB ASLR Bypass Weakness
2009-04-29 00:00:00
Fedora 10 : memcached-1.2.8-1.fc10 (2009-4199)
2009-05-20 00:00:00
debiancve
debiancve
CVE-2009-1255
2009-04-30 20:30:00
cve
cve
CVE-2009-1255
2009-04-30 20:30:00
prion
prion
Command injection
2009-04-30 20:30:00
freebsd
freebsd
memcached -- memcached stats maps Information Disclosure Weakness
2009-04-29 00:00:00
ubuntucve
ubuntucve
CVE-2009-1255
2009-04-30 00:00:00