oss-sec mailing list archives

Re: CVE request: memcached DoS when printing out keys to be deleted in verbose mode

From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 14 Jan 2013 12:16:58 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/14/2013 10:13 AM, Vincent Danen wrote:

We got a report about a DoS in memcached when run with -vv
(verbose mode) and a request to delete a key is sent to the server
(via memrm). Because memcached doesn't null terminate the keys as
it prints them, fprintf may run off the end of the buffer.

This isn't a very significant issue (even without
SSP/FORTIFY_SOURCE if you could do something more malicious,
memcached won't run as root). Also note the docs indicate that
memcached should only be accessible via trusted users/hosts and not
the internet at large, so the exposure should be minimal.

References:

https://bugzilla.redhat.com/show_bug.cgi?id=895054 
https://code.google.com/p/memcached/issues/detail?id=306 
https://code.google.com/p/memcached/issues/attachmentText?id=306&aid=3060004000&name=0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch&token=3GEzHThBL5cxmUrsYANkW03RrNY%3A1358179503096



Could a CVE be assigned for this?  Thanks.


Please use CVE-2013-0179 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQ9FmpAAoJEBYNRVNeJnmTrZ0QAMSuV4tfSGZbLqn8KgBikAbF
iSYVVHQarteb0qNQcOvmr0DxW+3OVLZjwP4bcQ8T9K3rwZh6FG+u8hE+9JdDrOQ7
VFhan/fB38Xan6MYEdzZrEKebMwZWDDRi+gMM1HMPIxuakIcRpTh4mRZR8a1zHNi
C4Jp0Z4zQ+PxiB0IzojlimtNuWVYeFvf2wHGdcIGPEOBn9+9ook2vJnhiJubdjqX
YbrzQHDak8tt9ZkUmUORVud3I08sstP8tq5BcJZtQijfA6H1vOwW8324Up4g4x7p
B8nmeDR/yWiKBSRdYXtDiIWBeWKtsYSBFRHuOzxOTsCXs7JWW1H1HmY10lXPgGtq
iGghVdGg5jQNRO3VqrWpQ3O8jQkZehq00nYF5GIxYgqJxaQoyUpCnnvH9PtN2zvl
YrFGL9/vFKwp4pChwBdKoZuvUUiQkU6LvKAuGbLLtvl1bi5fRz1vycVjSeKBVJyz
hP7e/MNkJz7jpmAYp1zuKwGyZDAL8k3qsVyPK16nR9JL4frnCtE6un4B9InW+qZg
IKGrgu+OsYcrQAs/Zq2mDuIZ4OZtgixr7dVIqiN32pgt/hRwVwTTOzIWDP6rmtEY
Di4/YK0xVuULHD8Eama5hGu6u0mzXrIhEI+JXwl+l6LlxlOkDtap7HaHfsU94YNh
/7Drc1Ky4Th3NsxNNbcT
=CI8z
-----END PGP SIGNATURE-----

Current thread:

CVE request: memcached DoS when printing out keys to be deleted in verbose mode Vincent Danen (Jan 14)
- Re: CVE request: memcached DoS when printing out keys to be deleted in verbose mode Kurt Seifried (Jan 14)