oss-sec mailing list archives
Re: memcached remote seg fault
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 29 Apr 2013 19:45:41 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/29/2013 07:18 PM, Kurt Seifried wrote:
So this was brought to my attention: http://insecurety.net/?p=872 Memcached remote DoS (segmentation fault) Works like a charm on Fedora 18 running Memcached 1.4.15 (the latest stable). Please use CVE-2013-2026 for this issue. I guess the good news is that because memcached basically has no security most people run it within closed networks, hopefully no-one is running these things publicly like a lot of people used to (http://www.sensepost.com/blog/4873.html).
I'm officially full of fail today. Please REJECT CVE-2013-2026 (wrong year) and use CVE-2011-4971for this issue. No more CVEs today, I'm apparently to tired to do this right. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRfyJFAAoJEBYNRVNeJnmTDt0P/312an0AGHE9T2+Pc52dhBco lR5AxwD/hIZNO4JqArWZw52sWEpEaxK3DsqctSPFP+KN/zxP9bF/+72n10RHnq5A q9ajI4f7kwx942FpHrIhlUpohyHe6U9ifujvAO6PXww6r5gZe8X+1IN/8wQNcMRI h0/woRposai4L1vm9MDnBTMDPsQtr9MIzePefZkSRonDIAcCPV93rT6OEEO5Wckt H9lvrrhDaSRMfAOT3t8xwehYF9Sn2+i6OevbwBeeElOsBschZPMOfdbWPxhL3VPk DJLfl20YUTlDC9TP1QjMbeaRcsL6wxbIl/E8JZGSJu6GFjo95Le4As5WAm4jPXVB 7DPV39N1HI/S1PgZzZY8AxjAIWk3wks6o8wJ/vAJQe9t+UAV0j3KKIeBis5D5KwX 1k21AQRJf+knjwxhautcHgYE9TSZYVX258N0Esbr/x1NLm/ukyluoYNXL34Us0kN 8JFd91ksJTVZN5dWVfrBSAU1QqNBXnXiwQGMnNAQ9p3N46xdcxyQSvKaKhnq1WIy eB9aHJKCeAP+stnErXVcQm5DiUGuPvmxN89EnMFR9v3TQwXyd7D3c5faqNZAY7/s s779TstPeQlbBAsS6oyKsk+Zij3FzmnKgom74rPZKaiIdmIbBoAZ3iUCKHBKOXEQ lNGDPYLQKkbpFE8oPnpB =kp0+ -----END PGP SIGNATURE-----
Current thread:
- memcached remote seg fault Kurt Seifried (Apr 29)
- Re: memcached remote seg fault Kurt Seifried (Apr 29)