Bug 452098 (CVE-2013-0179) - net-misc/memcached: DoS when printing out keys to be deleted in verbose mode (CVE-2013-0179)
Status: RESOLVED FIXED
Alias: CVE-2013-0179
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B3 [glsa]
Reported: 2013-01-14 20:05 UTC by Agostino Sarubbo
Modified: 2014-06-19 11:49 UTC
Description Agostino Sarubbo gentoo-dev 2013-01-14 20:05:09 UTC
From $URL :

We got a report about a DoS in memcached when run with -vv (verbose
mode) and a request to delete a key is sent to the server (via memrm).
Because memcached doesn't null terminate the keys as it prints them,
fprintf may run off the end of the buffer.

This isn't a very significant issue (even without SSP/FORTIFY_SOURCE if
you could do something more malicious, memcached won't run as root).
Also note the docs indicate that memcached should only be accessible via
trusted users/hosts and not the internet at large, so the exposure
should be minimal.

References:

https://bugzilla.redhat.com/show_bug.cgi?id=895054
https://code.google.com/p/memcached/issues/detail?id=306
https://code.google.com/p/memcached/issues/attachmentText?id=306&aid=3060004000&name=0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch&token=3GEzHThBL5cxmUrsYANkW03RrNY%3A1358179503096
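The over-read described in the report above, shown as an added example that is not part of the original report, the linked patch, or memcached's own code: a length-bounded way to log a key that has no NUL terminator. The helper name `format_delete_log`, the log text, and the sample bytes are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <limits.h>

/* Hypothetical helper (not memcached's code): format a verbose-log line for a
 * key that is NOT NUL-terminated. The "%.*s" precision caps how many bytes
 * snprintf reads from key, so the read never goes past key + nkey. */
int format_delete_log(char *out, size_t outsz, const char *key, size_t nkey)
{
    if (nkey > INT_MAX)          /* the precision argument is an int */
        return -1;
    /* Unsafe pattern described in the report, for contrast (not executed):
     *     fprintf(stderr, "Deleting %s\n", key);
     * "%s" keeps reading until it finds a 0 byte, wherever that is. */
    return snprintf(out, outsz, "Deleting %.*s", (int)nkey, key);
}

/* Constructed sample: a 3-byte key packed directly against other request
 * bytes with no terminator in between, as in a length-prefixed protocol. */
static const char sample_request[] = { 'f', 'o', 'o', 'X', 'Y', 'Z', 'Q', 'Q' };

/* Length snprintf reports for the bounded log line. */
int demo_bounded_len(void)
{
    char line[64];
    return format_delete_log(line, sizeof line, sample_request, 3);
}

/* 1 if only the 3 key bytes were logged, none of the adjacent bytes. */
int demo_matches_key_only(void)
{
    char line[64];
    format_delete_log(line, sizeof line, sample_request, 3);
    return strcmp(line, "Deleting foo") == 0;
}

int main(void)
{
    char line[64];
    if (format_delete_log(line, sizeof line, sample_request, 3) > 0)
        fprintf(stderr, "%s\n", line);
    return 0;
}
```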
Comment 1 Chris Reffett (RETIRED) gentoo-dev Security 2013-07-07 12:40:00 UTC
Note that the patch that ago linked doesn't cover all instances of this overrun, see the bug report. Upstream hasn't released a fix yet.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2014-02-04 14:00:22 UTC
CVE-2013-0179 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0179):
  The process_bin_delete function in memcached.c in memcached 1.4.4 and other
  versions before 1.4.17, when running in verbose mode, allows remote
  attackers to cause a denial of service (segmentation fault) via a request to
  delete a key, which does not account for the lack of a null terminator in
  the key and triggers a buffer over-read when printing to stderr.
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2014-06-08 16:51:47 UTC
Maintainers, this looks like it is fixed in 1.4.17, I am adding it to existing GLSA. Please advise if otherwise.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2014-06-15 00:48:03 UTC
This issue was resolved and addressed in
 GLSA 201406-13 at http://security.gentoo.org/glsa/glsa-201406-13.xml
by GLSA coordinator Chris Reffett (creffett).
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2014-06-19 11:49:48 UTC
This issue was resolved and addressed in
 GLSA 201406-13 at http://security.gentoo.org/glsa/glsa-201406-13.xml
by GLSA coordinator Chris Reffett (creffett).