MDVSA-2014:010 -- Mandriva memcachedID: oval:org.secpod.oval:def:1300263 | Date: (C)2014-01-24 (M)2022-10-10 |
Class: PATCH | Family: unix |
Multiple vulnerabilities has been discovered and corrected in memcached: The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr . memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials . The do_item_get function in items.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr, a different vulnerability than CVE-2013-0179 . memcached before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service via a request that triggers an unbounded key print during logging, related to an issue that was quickly grepped out of the source tree, a different vulnerability than CVE-2013-0179 and CVE-2013-7290 . The updated packages have been upgraded to the 1.4.17 version which is unaffected by these issues.
Platform: |
Mandriva Enterprise Server 5.2 |