| Summary: | net-misc/memcached: DoS when printing out keys to be deleted in verbose mode (CVE-2013-0179) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | robbat2 |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openwall.com/lists/oss-security/2013/01/14/4 | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2013-01-14 20:05:09 UTC
Note that the patch that ago linked doesn't cover all instances of this overrun, see the bug report. Upstream hasn't released a fix yet.

CVE-2013-0179 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0179): The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr.

Maintainers, this looks like it is fixed in 1.4.17, I am adding it to existing GLSA. Please advise if otherwise.

This issue was resolved and addressed in GLSA 201406-13 at http://security.gentoo.org/glsa/glsa-201406-13.xml by GLSA coordinator Chris Reffett (creffett).
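
The over-read described in the CVE text above comes from printing a length-delimited key as if it were a C string. The following is an added example, not memcached's code or the upstream patch: it builds the verbose log line from exactly `nkey` bytes and escapes non-printable bytes. The names `format_delete_log` and `sample_request` are hypothetical, and the sample buffer is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Unsafe pattern, per the CVE description: the key has a length but no
 * NUL terminator, so "%s" reads past nkey until it meets a 0 byte:
 *     fprintf(stderr, "Deleting %s\n", key);
 */

/* Hypothetical helper: format the log line from exactly nkey bytes.
 * Non-printable bytes and backslashes become \xNN, so a key cannot
 * inject extra log lines. Returns the length written (without NUL),
 * or -1 if out is too small (out contents are then unspecified). */
int format_delete_log(char *out, size_t outsz, const char *key, size_t nkey)
{
    static const char prefix[] = "Deleting ";
    size_t pos = sizeof(prefix) - 1;

    if (outsz < sizeof(prefix))
        return -1;
    memcpy(out, prefix, pos);

    for (size_t i = 0; i < nkey; i++) {
        unsigned char c = (unsigned char)key[i];
        if (isprint(c) && c != '\\') {
            if (pos + 1 >= outsz)      /* need room for byte + NUL */
                return -1;
            out[pos++] = (char)c;
        } else {
            if (pos + 4 >= outsz)      /* need room for \xNN + NUL */
                return -1;
            snprintf(out + pos, 5, "\\x%02x", c);
            pos += 4;
        }
    }
    out[pos] = '\0';
    return (int)pos;
}

/* Constructed sample: a 3-byte key inside a larger request buffer,
 * followed by other bytes and no NUL terminator. */
static const char sample_request[] = { 'f','o','o','B','O','D','Y','\n','X' };

int main(void)
{
    char line[64];
    if (format_delete_log(line, sizeof line, sample_request, 3) > 0)
        fprintf(stderr, "%s\n", line);   /* line is NUL-terminated here */
    return 0;
}
```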