Date: Mon, 29 Apr 2013 19:45:41 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: memcached remote seg fault

On 04/29/2013 07:18 PM, Kurt Seifried wrote:
> So this was brought to my attention:
> 
> http://insecurety.net/?p=872
> 
> Memcached remote DoS (segmentation fault)
> 
> Works like a charm on Fedora 18 running Memcached 1.4.15 (the
> latest stable).
> 
> Please use CVE-2013-2026 for this issue. I guess the good news is
> that because memcached basically has no security most people run it
> within closed networks, hopefully no-one is running these things
> publicly like a lot of people used to
> (http://www.sensepost.com/blog/4873.html).

I'm officially full of fail today. Please REJECT CVE-2013-2026 (wrong
year) and use CVE-2011-4971 for this issue. No more CVEs today, I'm
apparently too tired to do this right.



- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
