|
|
Log in / Subscribe / Register

memcached: information leak

Package(s):memcached CVE #(s):CVE-2009-1255 CVE-2009-1494
Created:May 4, 2009 Updated:August 11, 2009
Description:

From the Mandriva advisory:

The process_stat function in Memcached prior 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending this command to the daemon's TCP port (CVE-2009-1255, CVE-2009-1494).

Alerts:
SuSE SUSE-SR:2009:013 memcached, libtiff/libtiff3, nagios, libsndfile, gaim/finch, open-, strong, freeswan, libapr-util1, websphere-as_ce, libxml2 2009-08-11
Fedora FEDORA-2009-4542 memcached 2009-05-08
Fedora FEDORA-2009-4199 memcached 2009-05-02
Mandriva MDVSA-2009:105 memcached 2009-05-04
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds