oss-sec mailing list archives
Re: CVE request: memcached DoS when printing out keys to be deleted in verbose mode
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 14 Jan 2013 12:16:58 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/14/2013 10:13 AM, Vincent Danen wrote:
We got a report about a DoS in memcached when run with -vv (verbose mode) and a request to delete a key is sent to the server (via memrm). Because memcached doesn't null terminate the keys as it prints them, fprintf may run off the end of the buffer. This isn't a very significant issue (even without SSP/FORTIFY_SOURCE if you could do something more malicious, memcached won't run as root). Also note the docs indicate that memcached should only be accessible via trusted users/hosts and not the internet at large, so the exposure should be minimal. References: https://bugzilla.redhat.com/show_bug.cgi?id=895054 https://code.google.com/p/memcached/issues/detail?id=306 https://code.google.com/p/memcached/issues/attachmentText?id=306&aid=3060004000&name=0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch&token=3GEzHThBL5cxmUrsYANkW03RrNY%3A1358179503096 Could a CVE be assigned for this? Thanks.
Please use CVE-2013-0179 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJQ9FmpAAoJEBYNRVNeJnmTrZ0QAMSuV4tfSGZbLqn8KgBikAbF iSYVVHQarteb0qNQcOvmr0DxW+3OVLZjwP4bcQ8T9K3rwZh6FG+u8hE+9JdDrOQ7 VFhan/fB38Xan6MYEdzZrEKebMwZWDDRi+gMM1HMPIxuakIcRpTh4mRZR8a1zHNi C4Jp0Z4zQ+PxiB0IzojlimtNuWVYeFvf2wHGdcIGPEOBn9+9ook2vJnhiJubdjqX YbrzQHDak8tt9ZkUmUORVud3I08sstP8tq5BcJZtQijfA6H1vOwW8324Up4g4x7p B8nmeDR/yWiKBSRdYXtDiIWBeWKtsYSBFRHuOzxOTsCXs7JWW1H1HmY10lXPgGtq iGghVdGg5jQNRO3VqrWpQ3O8jQkZehq00nYF5GIxYgqJxaQoyUpCnnvH9PtN2zvl YrFGL9/vFKwp4pChwBdKoZuvUUiQkU6LvKAuGbLLtvl1bi5fRz1vycVjSeKBVJyz hP7e/MNkJz7jpmAYp1zuKwGyZDAL8k3qsVyPK16nR9JL4frnCtE6un4B9InW+qZg IKGrgu+OsYcrQAs/Zq2mDuIZ4OZtgixr7dVIqiN32pgt/hRwVwTTOzIWDP6rmtEY Di4/YK0xVuULHD8Eama5hGu6u0mzXrIhEI+JXwl+l6LlxlOkDtap7HaHfsU94YNh /7Drc1Ky4Th3NsxNNbcT =CI8z -----END PGP SIGNATURE-----
Current thread:
- CVE request: memcached DoS when printing out keys to be deleted in verbose mode Vincent Danen (Jan 14)
- Re: CVE request: memcached DoS when printing out keys to be deleted in verbose mode Kurt Seifried (Jan 14)