oss-sec mailing list archives
Re: memcached UDP amplification attacks
From: "Seaman, Chad" <cseaman () akamai com>
Date: Wed, 7 Mar 2018 21:57:30 +0000
Tomas, You’re not wrong, that was a typo in the blog. Regards, Chad On 3/7/18, 5:10 AM, "Tomas Hoger" <thoger () redhat com> wrote: On Fri, 2 Mar 2018 21:42:30 -0700 Kurt Seifried wrote: > I have assigned CVE-2018-1000115 to this issue: > > Memcached version 1.5.5 contains an Insufficient Control of Network > Message Volume (Network Amplification, CWE-406) vulnerability in the > UDP support of the memcached server that can result in denial of > service via network flood (traffic amplification of 1:50,000 has been > reported by reliable sources). This attack appear to be exploitable > via network connectivity to port 11211 UDP. This vulnerability > appears to have been fixed in 1.5.6 due to the disabling of the UDP > protocol by default. Minor nitpick, the description mentions 1:50,000 ratio, apparently based on the information in the following reference: > https://blogs.akamai.com/2018/03/memcached-fueled-13-tbps-attacks.html where it's mentioned as: """ Worse, memcached can have an amplification factor of over 50,000, meaning a 203 byte request results in a 100 megabyte response. """ However, 200 * 50k = 10m, not 100m. Wonder if I'm doing my math wrong. -- Tomas Hoger / Red Hat Product Security
Current thread:
- memcached UDP amplification attacks Hanno Böck (Mar 02)
- Re: memcached UDP amplification attacks Kurt Seifried (Mar 02)
- Re: memcached UDP amplification attacks Kurt Seifried (Mar 02)
- Re: memcached UDP amplification attacks Tomas Hoger (Mar 07)
- Re: memcached UDP amplification attacks Kurt Seifried (Mar 07)
- Re: memcached UDP amplification attacks Seaman, Chad (Mar 07)
- Re: memcached UDP amplification attacks Patrick Forsberg (Mar 08)
- Re: memcached UDP amplification attacks Seaman, Chad (Mar 08)
- Re: memcached UDP amplification attacks Kurt Seifried (Mar 02)
- Re: memcached UDP amplification attacks Kurt Seifried (Mar 02)