Secunia

CVE Reference: CVE-2009-1255

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2009-1255

Description: The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats maps command and (b) memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain sensitive information such as the locations of memory regions, and defeat ASLR protection, by sending a command to the daemon's TCP port.

CVE Status: Candidate

References:
XF http://xforce.iss.net/xforce/xfdb/50221
ST 1022140
SAID Secunia Advisory: SA35175
SAID Secunia Advisory: SA34932
SAID Secunia Advisory: SA34915
OSVDB 54127
MISC http://www.positronsecurity.com/advisories/2009-001.html
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2009:105
FULLDISC http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0282.html
FEDORA
CONFIRM http://groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e
CONFIRM http://code.google.com/p/memcachedb/source/diff?spec=svn98&r=98&format=side&path=/trunk/memcachedb.c
CONFIRM http://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98&r=98
CONFIRM http://code.google.com/p/memcachedb/source/detail?r=98
BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/503064/100/0/threaded
BID 34756