Vulnerabilities > CVE-2009-2415 - Numeric Errors vulnerability in Memcachedb Memcached 1.1.12/1.2.2

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
memcachedb
CWE-189
critical
nessus

Summary

Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers to execute arbitrary code via vectors involving length attributes that trigger heap-based buffer overflows.

Vulnerable Configurations

Part Description Count
Application
Memcachedb
2

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-12552.NASL
    description: Addresses CVE-2009-2415. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 43115
    published: 2009-12-14
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/43115
    title: Fedora 11 : memcached-1.2.8-2.fc11 (2009-12552)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2009-12552.
    #
    
    include("compat.inc");
    
    # Registration pass: when the plugin is loaded with `description` set, this
    # branch only declares metadata and then exits. No host data is read and no
    # check is performed inside it.
    if (description)
    {
      script_id(43115);
      script_version("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:29");
    
      # Cross-references for correlating this finding with other sources:
      # the CVE, the Bugtraq entry and the Fedora advisory number.
      script_cve_id("CVE-2009-2415");
      script_bugtraq_id(35989);
      script_xref(name:"FEDORA", value:"2009-12552");
    
      script_name(english:"Fedora 11 : memcached-1.2.8-2.fc11 (2009-12552)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # The description text carries no technical detail beyond the CVE id; the
      # nature of the flaw has to be looked up under that id.
      script_set_attribute(
        attribute:"description", 
        value:
    "Addresses CVE-2009-2415
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=516489"
      );
      # Presumably the full URL behind the shortened nessus.org link below:
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/032645.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?910914e4"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected memcached package."
      );
      # CVSS v2 base vector: reachable over the network (AV:N), low complexity
      # (AC:L), no authentication (Au:N), complete impact on confidentiality,
      # integrity and availability (C:C/I:C/A:C).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      # CVSS v2 temporal vector: exploitability not defined (E:ND), official fix
      # available (RL:OF), report confidence not defined (RC:ND).
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND");
      # Exploit availability is static metadata recorded by the plugin author;
      # nothing in this script verifies it.
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(189);
    
      # Declared as a local check: per the required keys further down, the result
      # is derived from the host's package inventory, not from probing the
      # memcached service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:memcached");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/12/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/14");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # Declares ssh_get_info.nasl as a dependency and names the knowledge-base
      # keys this plugin requires. Presumably that dependency is what fills the
      # keys in; it is not shown here.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      # End of the registration pass.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Check pass. Every input below is read from the scanner's knowledge base;
    # the visible code never connects to memcached or inspects a running process.
    # audit() comes from audit.inc (not shown); the script relies on it to stop
    # execution, since the lines after each call assume the guard passed.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    # Scope guard 1: the recorded release string must mention Fedora
    # (">!<" is NASL's "substring not found" operator).
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");

    # Scope guard 2: extract the numeric release and accept only Fedora 11.
    # The pattern requires "11" followed by a non-digit or end of string, so
    # values such as "110" are rejected.
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^11([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 11.x", "Fedora " + os_ver);
    
    # Without a collected rpm list there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Scope guard 3: only x86_64 and i386-i686 hosts are evaluated; any other
    # architecture is audited out as not implemented.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # The only test performed: compare the installed memcached rpm against the
    # fixed build memcached-1.2.8-2.fc11. rpm_check() is defined in rpm.inc (not
    # shown); presumably it returns true when the installed package is older
    # than the reference. A memcached that is not recorded in the rpm database
    # (for example one built from source) is not evaluated by this plugin.
    flag = 0;
    if (rpm_check(release:"FC11", reference:"memcached-1.2.8-2.fc11")) flag++;
    
    
    if (flag)
    {
      # Report the finding on port 0; with verbosity above 0 the output of
      # rpm_report_get() is attached to the report.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # No finding: distinguish "package present but not affected" from
      # "package not installed". pkg_tests_get() presumably returns the packages
      # that were actually compared -- verify against rpm.inc.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "memcached");
    }
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201406-13.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201406-13 (memcached: Multiple vulnerabilities). memcached authentication could be bypassed when using SASL due to a flaw related to SASL authentication state. Also, several heap-based buffer overflows due to integer conversions when parsing certain length attributes were discovered. Impact: A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition or authenticate with invalid SASL credentials, bypassing memcached authentication completely. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 76064
    published: 2014-06-16
    reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/76064
    title: GLSA-201406-13 : memcached: Multiple vulnerabilities
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_0_MEMCACHED-090806.NASL
    description: This update of memcached fixes a signedness problem that may lead to a buffer too small to hold all the data received from the network; this may allow arbitrary remote code execution (CVE-2009-2415). Additionally, an information leak was fixed (CVE-2009-1494, CVE-2009-1255).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40545
    published: 2009-08-11
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40545
    title: openSUSE Security Update : memcached (memcached-1165)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_MEMCACHED-6397.NASL
    description: This update of memcached fixes a signedness problem that may lead to a buffer too small to hold all the data received from the network; this may allow arbitrary remote code execution (CVE-2009-2415). Additionally, an information leak was fixed (CVE-2009-1494, CVE-2009-1255).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 42022
    published: 2009-10-06
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/42022
    title: openSUSE 10 Security Update : memcached (memcached-6397)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_1_MEMCACHED-090806.NASL
    description: This update of memcached fixes a signedness problem that may lead to a buffer too small to hold all the data received from the network; this may allow arbitrary remote code execution (CVE-2009-2415). Additionally, an information leak was fixed (CVE-2009-1494, CVE-2009-1255).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40546
    published: 2009-08-11
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40546
    title: openSUSE Security Update : memcached (memcached-1165)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1853.NASL
    description: Ronald Volgers discovered that memcached, a high-performance memory object caching system, is vulnerable to several heap-based buffer overflows due to integer conversions when parsing certain length attributes. An attacker can use this to execute arbitrary code on the system running memcached (on etch, with root privileges).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 44718
    published: 2010-02-24
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/44718
    title: Debian DSA-1853-1 : memcached - heap-based buffer overflow
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2009-202.NASL
    description: A vulnerability has been found and corrected in memcached: Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers to execute arbitrary code via vectors involving length attributes that trigger heap-based buffer overflows (CVE-2009-2415). This update provides a solution to this vulnerability. Additionally, memcached-1.2.x has been upgraded to 1.2.8 for 2009.0/2009.1 and MES 5, which contains a number of upstream fixes; the repcached patch has been upgraded to 2.2 as well.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40596
    published: 2009-08-17
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40596
    title: Mandriva Linux Security Advisory : memcached (MDVSA-2009:202)

Seebug

bulletinFamily: exploit
description: Bugtraq ID: 35989 CVE ID: CVE-2009-2415 Danga Interactive memcached是一款高性能的分布式内存缓存解决方案。 memcached在解析部分长度属性时存在由整数转换而造成基于堆的缓冲区溢出,远程攻击者可以利用漏洞以memcached运行进程权限执行任意代码。 目前没有更多详细信息系统。 Danga Interactive memcached 1.2.8 Danga Interactive memcached 1.2.7 Debian Linux用户可参考如下升级程序: Debian GNU/Linux 4.0 (etch) Debian (oldstable) Source: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1.dsc http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12.orig.tar.gz http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1.diff.gz Alpha: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_alpha.deb AMD64: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_amd64.deb ARM: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_arm.deb HP Precision: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_hppa.deb Intel IA-32: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_i386.deb Intel IA-64: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_ia64.deb Big-endian MIPS: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_mips.deb Little-endian MIPS: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_mipsel.deb PowerPC: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_powerpc.deb IBM S/390: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_s390.deb Sun Sparc: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_sparc.deb Debian GNU/Linux 5.0 (lenny) Debian (stable) Source: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1.dsc http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2.orig.tar.gz 
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1.diff.gz Alpha: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_alpha.deb AMD64: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_amd64.deb ARM: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_arm.deb ARM EABI: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_armel.deb HP Precision: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_hppa.deb Intel IA-32: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_i386.deb Intel IA-64: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_ia64.deb Big-endian MIPS: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_mips.deb Little-endian MIPS: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_mipsel.deb PowerPC: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_powerpc.deb IBM S/390: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_s390.deb Sun Sparc: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_sparc.deb
id: SSV:12021
last seen: 2017-11-19
modified: 2009-08-10
published: 2009-08-10
reporter: Root
title: Memcached多个基于堆的缓冲区溢出漏洞