Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 580
Alerts This Week
Warning Icon 1 580

Debian: DSA-4218-1 Critical: Memcached Buffer Overflow And DoS

debian
Calendar Grey June 6, 2018
Debian Logo
Uncover security flaws in memcached through Debian advisory DSA-4218-1 and find out methods to fortify your network.
Several vulnerabilities were discovered in memcached, a high-performance memory object caching system

Summary

CVE-2017-9951

Daniel Shapira reported a heap-based buffer over-read in memcached
(resulting from an incomplete fix for CVE-2016-8705) triggered by
specially crafted requests to add/set a key and allowing a remote
attacker to cause a denial of service.

CVE-2018-1000115

It was reported that memcached listens to UDP by default. A remote
attacker can take advantage of it to use the memcached service as a
DDoS amplifier.

Default installations of memcached in Debian are not affected by
this issue as the installation defaults to listen only on localhost.
This update disables the UDP port by default. Listening on the UDP
can be re-enabled in the /etc/memcached.conf (cf.
/usr/share/doc/memcached/NEWS.Debian.gz).

CVE-2018-1000127

An integer overflow was reported in memcached, resulting in resource
leaks, data corruption, deadlocks or crashes.

For the oldstable distribution (jessie), these problems have been fixed
in version 1.4.21-1.1+deb8u2.

For the stabl...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: memcached
CVE ID: CVE-2017-9951 CVE-2018-1000115 CVE-2018-1000127

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.