Executive Summary

Informations
Name CVE-2009-1255 First vendor Publication 2009-04-30
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats maps command and (b) memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain sensitive information such as the locations of memory regions, and defeat ASLR protection, by sending a command to the daemon's TCP port.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1255

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-200 Information Exposure

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 16

OpenVAS Exploits

Date Description
2009-12-14 Name : Fedora Core 11 FEDORA-2009-12552 (memcached)
File : nvt/fcore_2009_12552.nasl
2009-09-02 Name : FreeBSD Ports: memcached
File : nvt/freebsd_memcached.nasl
2009-08-17 Name : SuSE Security Summary SUSE-SR:2009:013
File : nvt/suse_sr_2009_013.nasl
2009-06-05 Name : Fedora Core 11 FEDORA-2009-4542 (memcached)
File : nvt/fcore_2009_4542.nasl
2009-06-05 Name : Mandrake Security Advisory MDVSA-2009:105 (memcached)
File : nvt/mdksa_2009_105.nasl
2009-05-25 Name : Fedora Core 10 FEDORA-2009-4199 (memcached)
File : nvt/fcore_2009_4199.nasl
2009-05-18 Name : Memcached Information Disclosure Vulnerabilities
File : nvt/gb_memcached_info_disclosure_vuln.nasl
2009-05-18 Name : MemcacheDB Information Disclosure Vulnerability
File : nvt/gb_memcachedb_info_disclosure_vuln.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
54127 Memcached / MemcacheDB stats maps Command Remote Information Disclosure

Nessus® Vulnerability Scanner

Date Description
2009-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_memcached-6397.nasl - Type : ACT_GATHER_INFO
2009-08-20 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_86ada6948b3011deb9d0000c6e274733.nasl - Type : ACT_GATHER_INFO
2009-08-11 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_memcached-090806.nasl - Type : ACT_GATHER_INFO
2009-08-11 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_memcached-090806.nasl - Type : ACT_GATHER_INFO
2009-05-27 Name : The remote Fedora host is missing a security update.
File : fedora_2009-4542.nasl - Type : ACT_GATHER_INFO
2009-05-20 Name : The remote Fedora host is missing a security update.
File : fedora_2009-4199.nasl - Type : ACT_GATHER_INFO
2009-05-05 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2009-105.nasl - Type : ACT_GATHER_INFO
2009-04-29 Name : The remote object store suffers from a weakness that may make buffer overflow...
File : memcached_aslr_bypass.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0282.html
http://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98&...
http://code.google.com/p/memcachedb/source/detail?r=98
http://code.google.com/p/memcachedb/source/diff?spec=svn98&r=98&forma...
http://groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e
http://osvdb.org/54127
http://secunia.com/advisories/34915
http://secunia.com/advisories/34932
http://secunia.com/advisories/35175
http://www.mandriva.com/security/advisories?name=MDVSA-2009:105
http://www.positronsecurity.com/advisories/2009-001.html
http://www.securityfocus.com/archive/1/503064/100/0/threaded
http://www.securityfocus.com/bid/34756
http://www.securitytracker.com/id?1022140
http://www.vupen.com/english/advisories/2009/1196
http://www.vupen.com/english/advisories/2009/1197
https://exchange.xforce.ibmcloud.com/vulnerabilities/50221
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00851.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01256.html
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
Date Informations
2024-11-28 23:11:25
  • Multiple Updates
2024-11-28 12:18:43
  • Multiple Updates
2021-05-05 01:05:50
  • Multiple Updates
2021-05-04 12:09:24
  • Multiple Updates
2021-04-22 01:09:44
  • Multiple Updates
2020-05-23 01:40:16
  • Multiple Updates
2020-05-23 00:23:37
  • Multiple Updates
2018-10-11 00:19:34
  • Multiple Updates
2017-08-17 09:22:32
  • Multiple Updates
2016-06-28 17:39:13
  • Multiple Updates
2016-04-26 18:45:07
  • Multiple Updates
2014-02-17 10:49:38
  • Multiple Updates
2013-05-10 23:48:21
  • Multiple Updates