Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в memcached
дополнено с 8 января 2014 г.
Опубликовано:29 января 2014 г.
Источник:
SecurityVulns ID:13479
Тип:удаленная
Уровень опасности:
6/10
Описание:Обход аутентификации при использовании SASL, различные DoS-условия.
Затронутые продукты:MEMCACHED : memcached 1.4
CVE:CVE-2013-7291 (memcached before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (crash) via a request that triggers an "unbounded key print" during logging, related to an issue that was "quickly grepped out of the source tree," a different vulnerability than CVE-2013-0179 and CVE-2013-7290.)
 CVE-2013-7290 (The do_item_get function in items.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr, a different vulnerability than CVE-2013-0179.)
 CVE-2013-7239 (memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials.)
 CVE-2013-0179 (The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr.)
Оригинальный текстdocumentMANDRIVA, [ MDVSA-2014:010 ] memcached (29.01.2014)
 documentDEBIAN, [SECURITY] [DSA 2832-1] memcached security update (08.01.2014)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород