[v2.4] memcached: remote DoS (CVE-2013-0179 CVE-2013-7239 CVE-2013-7290 CVE-2013-7291)
The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr (CVE-2013-0179).
memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials (CVE-2013-7239).
The do_item_get function in items.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr, a different vulnerability than CVE-2013-0179 (CVE-2013-7290).
memcached before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (crash) via a request that triggers an unbounded key print during logging, related to an issue that was quickly grepped out of the source tree, a different vulnerability than CVE-2013-0179 and CVE-2013-7290 (CVE-2013-7291).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7290
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7291
https://code.google.com/p/memcached/wiki/ReleaseNotes1417
(from redmine: issue id 2625, created on 2014-02-04, closed on 2014-04-18)
- Relations:
- parent #2624 (closed)
- Changesets:
- Revision 4f87afbb by Natanael Copa on 2014-04-17T11:30:01Z:
main/memcached: security upgrade to 1.4.17 (CVE-2013-0179,CVE-2013-7239,CVE-2013-7290,CVE-2013-7291)
fixes #2625
(cherry picked from commit 01c5af01dadb92ad64c468444fcd4b58e00ccdc9)
Conflicts:
main/memcached/APKBUILD