ports/134206: vuxml submission for databases/memcached
Mark Foster
mark at foster.cc
Mon May 4 14:10:01 UTC 2009
>Number: 134206
>Category: ports
>Synopsis: vuxml submission for databases/memcached
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Mon May 04 14:10:00 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Mark Foster
>Release: 7.1 RELEASE
>Organization:
Credentia
>Environment:
>Description:
vulnerability announced in memcached. Port is already at 1.2.8 which is not vulnerable, so this vuxml is for the laggers.
>How-To-Repeat:
>Fix:
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="db026d59-05d0-4544-8cd2-f2a9ab37ce26">
<topic>memcached -- memcached stats maps Information Disclosure Weakness</topic>
<affects>
<package>
<name>memcached</name>
<range><le>1.2.8</le></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/34915/">
<p>A weakness has been reported in memcached which can be exploited by malicious people to disclose system information.
The weakness is caused due to the application disclosing the content of /proc/self/maps if a stats maps command is received. This can be exploited to disclose e.g. the addresses of allocated memory regions.
The weakness is reported in version 1.2.7. Prior versions may also be affected.</p>
</blockquote>
</body>
</description>
<references>
<url>http://secunia.com/advisories/34915/</url>
</references>
<dates>
<discovery>2009-04-29</discovery>
<entry>2009-05-04</entry>
</dates>
</vuln>
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list