oss-sec mailing list archives
CVE request: memcached DoS when printing out keys to be deleted in verbose mode
From: Vincent Danen <vdanen () redhat com>
Date: Mon, 14 Jan 2013 10:13:28 -0700
We got a report about a DoS in memcached when run with -vv (verbose mode) and a request to delete a key is sent to the server (via memrm). Because memcached doesn't null terminate the keys as it prints them, fprintf may run off the end of the buffer.

This isn't a very significant issue (even without SSP/FORTIFY_SOURCE if you could do something more malicious, memcached won't run as root). Also note the docs indicate that memcached should only be accessible via trusted users/hosts and not the internet at large, so the exposure should be minimal.

References:

https://bugzilla.redhat.com/show_bug.cgi?id=895054
https://code.google.com/p/memcached/issues/detail?id=306
https://code.google.com/p/memcached/issues/attachmentText?id=306&aid=3060004000&name=0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch&token=3GEzHThBL5cxmUrsYANkW03RrNY%3A1358179503096

Could a CVE be assigned for this?

Thanks.

--
Vincent Danen / Red Hat Security Response Team
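The logging problem described in the message above, as an added example that is not part of the original post and is not memcached's code: a constructed buffer holds a 3-byte key followed by other request bytes, and two helper functions contrast an unbounded %s with a length-bounded %.*s. The function names, the sample buffer and the MAX_LOGGED_KEY cap are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: a 3-byte key followed directly by unrelated bytes,
 * as a key sits inside a larger request buffer. The implicit trailing NUL
 * exists only so the unbounded variant stays well-defined in this demo;
 * a real receive buffer gives no such guarantee. */
static const char sample_buf[] = "foo" "NEXT-REQUEST-BYTES";
#define SAMPLE_NKEY 3
#define MAX_LOGGED_KEY 250  /* assumed cap, matching memcached's key limit */

/* Unbounded pattern: %s ignores the key length and reads up to a NUL. */
static int log_delete_unbounded(char *out, size_t outsz, const char *key)
{
    return snprintf(out, outsz, "Deleting %s\n", key);
}

/* Bounded pattern: the precision limits how many bytes %s may read. */
static int log_delete_bounded(char *out, size_t outsz,
                              const char *key, size_t nkey)
{
    if (nkey > MAX_LOGGED_KEY)
        nkey = MAX_LOGGED_KEY;
    return snprintf(out, outsz, "Deleting %.*s\n", (int)nkey, key);
}

int main(void)
{
    char line[64];

    log_delete_unbounded(line, sizeof line, sample_buf);
    fputs(line, stderr);   /* key plus the bytes that follow it */

    log_delete_bounded(line, sizeof line, sample_buf, SAMPLE_NKEY);
    fputs(line, stderr);   /* key only */
    return 0;
}
```

With the bounded form the log line depends only on the key length carried in the request, not on whatever bytes happen to follow the key in memory.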
Current thread:
- CVE request: memcached DoS when printing out keys to be deleted in verbose mode Vincent Danen (Jan 14)
- Re: CVE request: memcached DoS when printing out keys to be deleted in verbose mode Kurt Seifried (Jan 14)