Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 14 Jan 2013 12:16:58 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Vincent Danen <vdanen@...hat.com>
Subject: Re: CVE request: memcached DoS when printing out keys
 to be deleted in verbose mode

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/14/2013 10:13 AM, Vincent Danen wrote:
> We got a report about a DoS in memcached when run with -vv
> (verbose mode) and a request to delete a key is sent to the server
> (via memrm). Because memcached doesn't null terminate the keys as
> it prints them, fprintf may run off the end of the buffer.
> 
> This isn't a very significant issue (even without
> SSP/FORTIFY_SOURCE if you could do something more malicious,
> memcached won't run as root). Also note the docs indicate that
> memcached should only be accessible via trusted users/hosts and not
> the internet at large, so the exposure should be minimal.
> 
> References:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=895054 
> https://code.google.com/p/memcached/issues/detail?id=306 
> https://code.google.com/p/memcached/issues/attachmentText?id=306&aid=3060004000&name=0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch&token=3GEzHThBL5cxmUrsYANkW03RrNY%3A1358179503096
>
> 
> 
> Could a CVE be assigned for this?  Thanks.
> 

Please use CVE-2013-0179 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQ9FmpAAoJEBYNRVNeJnmTrZ0QAMSuV4tfSGZbLqn8KgBikAbF
iSYVVHQarteb0qNQcOvmr0DxW+3OVLZjwP4bcQ8T9K3rwZh6FG+u8hE+9JdDrOQ7
VFhan/fB38Xan6MYEdzZrEKebMwZWDDRi+gMM1HMPIxuakIcRpTh4mRZR8a1zHNi
C4Jp0Z4zQ+PxiB0IzojlimtNuWVYeFvf2wHGdcIGPEOBn9+9ook2vJnhiJubdjqX
YbrzQHDak8tt9ZkUmUORVud3I08sstP8tq5BcJZtQijfA6H1vOwW8324Up4g4x7p
B8nmeDR/yWiKBSRdYXtDiIWBeWKtsYSBFRHuOzxOTsCXs7JWW1H1HmY10lXPgGtq
iGghVdGg5jQNRO3VqrWpQ3O8jQkZehq00nYF5GIxYgqJxaQoyUpCnnvH9PtN2zvl
YrFGL9/vFKwp4pChwBdKoZuvUUiQkU6LvKAuGbLLtvl1bi5fRz1vycVjSeKBVJyz
hP7e/MNkJz7jpmAYp1zuKwGyZDAL8k3qsVyPK16nR9JL4frnCtE6un4B9InW+qZg
IKGrgu+OsYcrQAs/Zq2mDuIZ4OZtgixr7dVIqiN32pgt/hRwVwTTOzIWDP6rmtEY
Di4/YK0xVuULHD8Eama5hGu6u0mzXrIhEI+JXwl+l6LlxlOkDtap7HaHfsU94YNh
/7Drc1Ky4Th3NsxNNbcT
=CI8z
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.