Vulnerabilities > CVE-2018-1000115 - Resource Exhaustion vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
memcached
canonical
debian
redhat
CWE-400
nessus
exploit available
metasploit

Summary

Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • XML Ping of the Death
    An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
  • XML Entity Expansion
    An attacker submits an XML document to a target application where the XML document uses nested entity expansion to produce an excessively large output XML. XML allows the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.
  • Inducing Account Lockout
    An attacker leverages the security functionality of the system aimed at thwarting potential attacks to launch a denial of service attack against a legitimate system user. Many systems, for instance, implement a password throttling mechanism that locks an account after a certain number of incorrect log in attempts. An attacker can leverage this throttling mechanism to lock a legitimate user out of their own account. The weakness that is being leveraged by an attacker is the very security feature that has been put in place to counteract attacks.
  • Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))
    XML Denial of Service (XDoS) can be applied to any technology that utilizes XML data. This is, of course, most distributed systems technology including Java, .Net, databases, and so on. XDoS is most closely associated with web services, SOAP, and Rest, because remote service requesters can post malicious XML payloads to the service provider designed to exhaust the service provider's memory, CPU, and/or disk space. The main weakness in XDoS is that the service provider generally must inspect, parse, and validate the XML messages to determine routing, workflow, security considerations, and so on. It is exactly these inspection, parsing, and validation routines that XDoS targets. There are three primary attack vectors that XDoS can navigate Target CPU through recursion: attacker creates a recursive payload and sends to service provider Target memory through jumbo payloads: service provider uses DOM to parse XML. DOM creates in memory representation of XML document, but when document is very large (for example, north of 1 Gb) service provider host may exhaust memory trying to build memory objects. XML Ping of death: attack service provider with numerous small files that clog the system. All of the above attacks exploit the loosely coupled nature of web services, where the service provider has little to no control over the service requester and any messages the service requester sends.

Exploit-Db

  • descriptionMemcached 1.5.5 - 'Memcrashed' Insufficient Control Network Message Volume Denial of Service (1). CVE-2018-1000115. Dos exploit for Linux platform
    fileexploits/linux/dos/44264.c
    idEDB-ID:44264
    last seen2018-05-24
    modified2018-03-05
    platformlinux
    port11211
    published2018-03-05
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/44264/
    titleMemcached 1.5.5 - 'Memcrashed' Insufficient Control Network Message Volume Denial of Service (1)
    typedos
  • descriptionMemcached 1.5.5 - 'Memcrashed ' Insufficient Control of Network Message Volume Denial of Service With Shodan API. CVE-2018-1000115. Dos exploit for Linux pla...
    fileexploits/linux/dos/44265.py
    idEDB-ID:44265
    last seen2018-05-24
    modified2018-03-08
    platformlinux
    port11211
    published2018-03-08
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/44265/
    titleMemcached 1.5.5 - 'Memcrashed ' Insufficient Control of Network Message Volume Denial of Service With Shodan API
    typedos

Metasploit

descriptionThis module can be used to discover Memcached servers which expose the unrestricted UDP port 11211. A basic "stats" request is executed to check if an amplification attack is possible against a third party.
idMSF:AUXILIARY/SCANNER/MEMCACHED/MEMCACHED_AMP
last seen2020-06-13
modified2018-03-07
published2018-02-28
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/memcached/memcached_amp.rb
titleMemcached Stats Amplification Scanner

Nessus

  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2213.NASL
    descriptionAccording to the versions of the memcached package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.(CVE-2018-1000115) - The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8705.(CVE-2017-9951) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-11-08
    plugin id130675
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130675
    titleEulerOS 2.0 SP5 : memcached (EulerOS-SA-2019-2213)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130675);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2017-9951",
        "CVE-2018-1000115"
      );
    
      script_name(english:"EulerOS 2.0 SP5 : memcached (EulerOS-SA-2019-2213)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the memcached package installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - Memcached version 1.5.5 contains an Insufficient
        Control of Network Message Volume (Network
        Amplification, CWE-406) vulnerability in the UDP
        support of the memcached server that can result in
        denial of service via network flood (traffic
        amplification of 1:50,000 has been reported by reliable
        sources). This attack appear to be exploitable via
        network connectivity to port 11211 UDP. This
        vulnerability appears to have been fixed in 1.5.6 due
        to the disabling of the UDP protocol by
        default.(CVE-2018-1000115)
    
      - The try_read_command function in memcached.c in
        memcached before 1.4.39 allows remote attackers to
        cause a denial of service (segmentation fault) via a
        request to add/set a key, which makes a comparison
        between signed and unsigned int and triggers a
        heap-based buffer over-read. NOTE: this vulnerability
        exists because of an incomplete fix for
        CVE-2016-8705.(CVE-2017-9951)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2213
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0ab62e2f");
      script_set_attribute(attribute:"solution", value:
    "Update the affected memcached packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/10/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/08");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:memcached");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["memcached-1.4.15-10.1.h3.eulerosv2r7"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "memcached");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2631.NASL
    descriptionAccording to the versions of the memcached package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.(CVE-2018-1000115) - The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8705.(CVE-2017-9951) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-18
    plugin id132166
    published2019-12-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132166
    titleEulerOS 2.0 SP3 : memcached (EulerOS-SA-2019-2631)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132166);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2017-9951",
        "CVE-2018-1000115"
      );
    
      script_name(english:"EulerOS 2.0 SP3 : memcached (EulerOS-SA-2019-2631)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the memcached package installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - Memcached version 1.5.5 contains an Insufficient
        Control of Network Message Volume (Network
        Amplification, CWE-406) vulnerability in the UDP
        support of the memcached server that can result in
        denial of service via network flood (traffic
        amplification of 1:50,000 has been reported by reliable
        sources). This attack appear to be exploitable via
        network connectivity to port 11211 UDP. This
        vulnerability appears to have been fixed in 1.5.6 due
        to the disabling of the UDP protocol by
        default.(CVE-2018-1000115)
    
      - The try_read_command function in memcached.c in
        memcached before 1.4.39 allows remote attackers to
        cause a denial of service (segmentation fault) via a
        request to add/set a key, which makes a comparison
        between signed and unsigned int and triggers a
        heap-based buffer over-read. NOTE: this vulnerability
        exists because of an incomplete fix for
        CVE-2016-8705.(CVE-2017-9951)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2631
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e5e73bb0");
      script_set_attribute(attribute:"solution", value:
    "Update the affected memcached packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/18");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:memcached");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["memcached-1.4.15-10.1.h2"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "memcached");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-373.NASL
    descriptionThis update for memcached fixes the following issues : - CVE-2018-1000115: Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server could result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). (bsc#1083903) - Home directory shouldn
    last seen2020-06-05
    modified2018-04-18
    plugin id109100
    published2018-04-18
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109100
    titleopenSUSE Security Update : memcached (openSUSE-2018-373)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-964.NASL
    descriptionIt was discovered that the memcached daemon listened on UDP port 11211 by default. An attacker could use memcached for UDP amplification denial-of-service attacks. The UDP port has been disabled by default, but can still be enabled. It was discovered that the memcached connections using UDP transport protocol can be abused for efficient traffic amplification distributed denial of service (DDoS) attacks. A remote attacker could send a malicious UDP request using a spoofed source IP address of a target system to memcached, causing it to send a significantly larger response to the target. (CVE-2018-1000115)
    last seen2020-06-01
    modified2020-06-02
    plugin id107235
    published2018-03-09
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107235
    titleAmazon Linux AMI : memcached (ALAS-2018-964)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4218.NASL
    descriptionSeveral vulnerabilities were discovered in memcached, a high-performance memory object caching system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2017-9951 Daniel Shapira reported a heap-based buffer over-read in memcached (resulting from an incomplete fix for CVE-2016-8705 ) triggered by specially crafted requests to add/set a key and allowing a remote attacker to cause a denial of service. - CVE-2018-1000115 It was reported that memcached listens to UDP by default. A remote attacker can take advantage of it to use the memcached service as a DDoS amplifier. Default installations of memcached in Debian are not affected by this issue as the installation defaults to listen only on localhost. This update disables the UDP port by default. Listening on the UDP can be re-enabled in the /etc/memcached.conf (cf. /usr/share/doc/memcached/NEWS.Debian.gz). - CVE-2018-1000127 An integer overflow was reported in memcached, resulting in resource leaks, data corruption, deadlocks or crashes.
    last seen2020-06-01
    modified2020-06-02
    plugin id110386
    published2018-06-07
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110386
    titleDebian DSA-4218-1 : memcached - security update
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2391.NASL
    descriptionAccording to the versions of the memcached package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8705.(CVE-2017-9951) - Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.(CVE-2018-1000115) - memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later.(CVE-2018-1000127) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-10
    plugin id131883
    published2019-12-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131883
    titleEulerOS 2.0 SP2 : memcached (EulerOS-SA-2019-2391)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2018-964.NASL
    descriptionIt was discovered that the memcached daemon listened on UDP port 11211 by default. An attacker could use memcached for UDP amplification denial-of-service attacks. The UDP port has been disabled by default, but can still be enabled. It was discovered that the memcached connections using UDP transport protocol can be abused for efficient traffic amplification distributed denial of service (DDoS) attacks. A remote attacker could send a malicious UDP request using a spoofed source IP address of a target system to memcached, causing it to send a significantly larger response to the target. (CVE-2018-1000115)
    last seen2020-06-01
    modified2020-06-02
    plugin id109132
    published2018-04-18
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109132
    titleAmazon Linux 2 : memcached (ALAS-2018-964)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0955-1.NASL
    descriptionThis update for memcached fixes the following issues : - CVE-2018-1000115: Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server could result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). (bsc#1083903) - Home directory shouldn
    last seen2020-06-01
    modified2020-06-02
    plugin id109084
    published2018-04-17
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109084
    titleSUSE SLES12 Security Update : memcached (SUSE-SU-2018:0955-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3588-1.NASL
    descriptionDaniel Shapira discovered an integer overflow issue in Memcached. A remote attacker could use this to cause a denial of service (daemon crash). (CVE-2017-9951) It was discovered that Memcached listened to UDP by default. A remote attacker could use this as part of a distributed denial of service attack. (CVE-2018-1000115). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id107148
    published2018-03-06
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107148
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.10 : memcached vulnerabilities (USN-3588-1)

Redhat

advisories
  • rhsa
    idRHBA-2018:2140
  • rhsa
    idRHSA-2018:1593
  • rhsa
    idRHSA-2018:1627
  • rhsa
    idRHSA-2018:2331
  • rhsa
    idRHSA-2018:2857
rpms
  • instack-undercloud-0:4.0.0-18.el7ost
  • openstack-tripleo-heat-templates-0:2.0.0-65.el7ost
  • openstack-tripleo-heat-templates-liberty-0:2.0.0-65.el7ost
  • openstack-tripleo-heat-templates-0:5.3.10-1.el7ost
  • puppet-tripleo-0:5.6.8-6.el7ost
  • openstack-tripleo-heat-templates-0:6.2.12-2.el7ost
  • puppet-tripleo-0:6.5.10-3.el7ost
  • instack-undercloud-0:7.4.12-1.el7ost
  • openstack-tripleo-common-0:7.6.13-3.el7ost
  • openstack-tripleo-common-container-base-0:7.6.13-3.el7ost
  • openstack-tripleo-common-containers-0:7.6.13-3.el7ost
  • openstack-tripleo-common-devtools-0:7.6.13-3.el7ost
  • openstack-tripleo-heat-templates-0:7.0.12-8.el7ost
  • openstack-tripleo-image-elements-0:7.0.5-1.el7ost
  • openstack-tripleo-puppet-elements-0:7.0.7-1.el7ost
  • os-net-config-0:7.3.6-1.el7ost
  • puppet-aodh-0:11.4.0-2.el7ost
  • puppet-ceilometer-0:11.5.0-2.el7ost
  • puppet-ceph-0:2.4.2-2.el7ost
  • puppet-cinder-0:11.5.0-4.el7ost
  • puppet-glance-0:11.5.0-2.el7ost
  • puppet-heat-0:11.5.0-2.el7ost
  • puppet-ironic-0:11.5.0-2.el7ost
  • puppet-keystone-0:11.4.0-2.el7ost
  • puppet-manila-0:11.4.0-4.el7ost
  • puppet-mistral-0:11.4.0-2.el7ost
  • puppet-neutron-0:11.5.0-2.el7ost
  • puppet-nova-0:11.5.0-4.el7ost
  • puppet-panko-0:11.5.0-2.el7ost
  • puppet-tripleo-0:7.4.12-8.el7ost
  • puppet-trove-0:11.4.0-2.el7ost
  • python-novajoin-0:1.0.17-3.el7ost
  • python-os-brick-0:1.15.5-2.el7ost
  • python-tripleoclient-0:7.3.10-3.el7ost
  • instack-undercloud-0:2.2.7-13.el7ost
  • openstack-tripleo-heat-templates-0:0.8.14-42.el7ost
  • openstack-tripleo-heat-templates-kilo-0:0.8.14-42.el7ost

The Hacker News

idTHN:C6A051FFC1C6E72BCFA8E77E962F9683
last seen2018-03-08
modified2018-03-08
published2018-03-07
reporterSwati Khandelwal
sourcehttps://thehackernews.com/2018/03/prevent-memcached-ddos.html
title'Kill Switch' to Mitigate Memcached DDoS Attacks — Flush 'Em All

References