Memcached remote DoS in older versions

[dormando <dormando () rydia net>]

Hello,

There are a number of hang/crash bugs fixed in older versions of
memcached. All are noted in the release notes of the versions containing
the respective fixes, and most are years old.

I'm writing this in case pointing this out can help drive users to close
their instances from the internet; aside from participating in DDoS
attacks and remote users being able to read any data stored in the
instances, they can also be crashed or deadlocked.

I have a working POC deadlock for versions 1.4.20ish to 1.4.37. Older ones
should still be vulernable as well. I can supply the POC if there's
interest, or adjust it for even older versions. The POC only takes a few
seconds and kilobytes over a TCP connection and causes a mutex deadlock.

Thanks,
-Dormando