Date: Mon, 30 Dec 2013 08:17:26 +0100 From: Salvatore Bonaccorso <carnil@...ian.org> To: oss-security@...ts.openwall.com Subject: CVE Request: SASL authentication allows wrong credentials to access memcache Hi >From upstream release notes for 1.4.17 it states "The other notable bug is a SASL authentication bypass glitch. If a client makes an invalid request with SASL credentials, it will initially fail. However if you issue a second request with bad SASL credentials, it will authenticate. This has now been fixed.". The upstream bugreport is at , with the corresponding commit fixing this issue at .  https://code.google.com/p/memcached/wiki/ReleaseNotes1417  https://code.google.com/p/memcached/issues/detail?id=316  https://github.com/memcached/memcached/commit/87c1cf0f20be20608d3becf854e9cf0910f4ad32 Could a CVE be assigned to this issue? Regards, and thanks in advance Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.