Executive Summary
Summary | |
---|---|
Title | memcached: Multiple vulnerabilities |
Information | |||
---|---|---|---|
Name | GLSA-201406-13 | First vendor Publication | 2014-06-15 |
Vendor | Gentoo | Last vendor Modification | 2014-06-15 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Synopsis: Multiple vulnerabilities have been found in memcached, allowing remote attackers to execute arbitrary code or cause Denial of Service. |
Availability: http://security.gentoo.org/glsa/glsa-201406-13.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201406-13.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
33 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
17 % | CWE-287 | Improper Authentication |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13419 | |||
Oval ID: | oval:org.mitre.oval:def:13419 | ||
Title: | DSA-1853-1 memcached -- heap-based buffer overflow | ||
Description: | Ronald Volgers discovered that memcached, a high-performance memory object caching system, is vulnerable to several heap-based buffer overflows due to integer conversions when parsing certain length attributes. An attacker can use this to execute arbitrary code on the system running memcached. For the oldstable distribution, this problem has been fixed in version 1.1.12-1+etch1. For the stable distribution, this problem has been fixed in version 1.2.2-1+lenny1. For the testing and unstable distribution, this problem will be fixed soon. We recommend that you upgrade your memcached packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1853-1 CVE-2009-2415 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | memcached |
Definition Id: oval:org.mitre.oval:def:21020 | |||
Oval ID: | oval:org.mitre.oval:def:21020 | ||
Title: | DSA-2832-1 memcached - several | ||
Description: | Multiple vulnerabilities have been found in memcached, a high-performance memory object caching system. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2832-1 CVE-2011-4971 CVE-2013-7239 CVE-2013-0179 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/Linux 7 Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7 | Product(s): | memcached |
Definition Id: oval:org.mitre.oval:def:22079 | |||
Oval ID: | oval:org.mitre.oval:def:22079 | ||
Title: | USN-2080-1 -- memcached vulnerabilities | ||
Description: | Several security issues were fixed in Memcached. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2080-1 CVE-2011-4971 CVE-2013-0179 CVE-2013-7239 | Version: | 5 |
Platform(s): | Ubuntu 13.10 Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 | Product(s): | memcached |
Definition Id: oval:org.mitre.oval:def:8166 | |||
Oval ID: | oval:org.mitre.oval:def:8166 | ||
Title: | DSA-1853 memcached -- heap-based buffer overflow | ||
Description: | Ronald Volgers discovered that memcached, a high-performance memory object caching system, is vulnerable to several heap-based buffer overflows due to integer conversions when parsing certain length attributes. An attacker can use this to execute arbitrary code on the system running memcached (on etch with root privileges). | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1853 CVE-2009-2415 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | memcached |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-12-14 | Name : Fedora Core 11 FEDORA-2009-12552 (memcached) File : nvt/fcore_2009_12552.nasl |
2009-09-02 | Name : Mandrake Security Advisory MDVSA-2009:202 (memcached) File : nvt/mdksa_2009_202.nasl |
2009-08-20 | Name : Memcached Multiple Buffer Overflow Vulnerabilities File : nvt/secpod_memcached_mult_bof_vuln.nasl |
2009-08-17 | Name : Debian Security Advisory DSA 1853-1 (memcached) File : nvt/deb_1853_1.nasl |
2009-08-17 | Name : SuSE Security Summary SUSE-SR:2009:013 File : nvt/suse_sr_2009_013.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
56906 | Memcached Length Attribute Handling Multiple Overflows |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-11-07 | Name : The remote Debian host is missing a security update. File : debian_DLA-701.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_memcached_20140731.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_memcached_20140401.nasl - Type : ACT_GATHER_INFO |
2014-07-04 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-454.nasl - Type : ACT_GATHER_INFO |
2014-06-16 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-13.nasl - Type : ACT_GATHER_INFO |
2014-02-03 | Name : The remote Fedora host is missing a security update. File : fedora_2014-0926.nasl - Type : ACT_GATHER_INFO |
2014-02-03 | Name : The remote Fedora host is missing a security update. File : fedora_2014-0934.nasl - Type : ACT_GATHER_INFO |
2014-01-30 | Name : The remote object store has an authentication bypass vulnerability. File : memcached_sasl_auth_bypass.nasl - Type : ACT_ATTACK |
2014-01-30 | Name : The remote host contains a memory-based object store that is potentially affe... File : memcached_1_4_17.nasl - Type : ACT_GATHER_INFO |
2014-01-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-010.nasl - Type : ACT_GATHER_INFO |
2014-01-14 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2080-1.nasl - Type : ACT_GATHER_INFO |
2014-01-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2832.nasl - Type : ACT_GATHER_INFO |
2013-11-25 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-280.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1853.nasl - Type : ACT_GATHER_INFO |
2009-12-14 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12552.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_memcached-6397.nasl - Type : ACT_GATHER_INFO |
2009-08-17 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2009-202.nasl - Type : ACT_GATHER_INFO |
2009-08-11 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_memcached-090806.nasl - Type : ACT_GATHER_INFO |
2009-08-11 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_memcached-090806.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-06-17 13:25:41 |
|
2014-06-15 05:21:01 |
|