FYI, this issue was recently pointed out to me: > http://code.google.com/p/memcached/issues/detail?id=102 > > A remote attacker who is allowed to connect to memcached can crash > the server by sending bad input. I've not investigated this to see if it > is more than a DoS. > > People wanting to fix this may want to more thoroughly look at the > patch[1]. After a cursory glance at it, I'm not sure it is enough: > 1. it uses: > if (strcmp(ptr, "get ") && strcmp(ptr, "gets ")) { > > Why not use something like (*totally* untested): > if (strncmp(ptr, "get ", 5) && strncmp(ptr, "gets ", 5)) { > > just in case ptr is not NULL terminated? I haven't checked if this is > an > actual issue, but it certainly wouldn't hurt. '5' should probably be > changed to something more reasonable. > > 2. As I read the patch, couldn't an attacker send crafted input after > the 4 reallocs and then achieve the same thing (a DoS)?. Perhaps this > isn't a problem since it limits the object size to 1MB (according to > the > FAQ [2]). > > > [1]http://github.com/memcached/memcached/commit/75cc83685e103bc8ba380a57468c8f04413033f9 > [2]http://code.google.com/p/memcached/wiki/FAQ >
1.2.8, 1.4.5 are already in the tree, can they go stable?
*** Bug 316703 has been marked as a duplicate of this bug. ***
CVE-2010-1152 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1152): memcached.c in memcached before 1.4.3 allows remote attackers to cause a denial of service (daemon hang or crash) via a long line that triggers excessive memory allocation. NOTE: some of these details are obtained from third party information.
Rerated bug. Robin, please advise.
arches, please stabilize target keywords: alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86 test instructions: FEATURES=test emerge memcached
missed aliases. Arches, please see stablereq in comment 5.
Arches, please test and mark stable: =net-misc/memcached-1.4.5 Target keywords and instructions as per comment 5.
Build and tested on x86. Please mark stable for x86.
stable x86, thanks Myckel
Stable for HPPA.
alpha/arm/ia64/sh/sparc stable
amd64 stable
ppc done
ppc64 done too
GLSA Vote: yes.
Vote: NO, your memcached shouldn't be directly reachable from rogue networks anyway and it's "just" DoS.
Old and DoS only so GLSA Vote: no -> Closing. Feel free to reopen if you disagree.