Mandriva Linux Security Advisory 2014-010 - Multiple vulnerabilities has been discovered and corrected in memcached. The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr. memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials. Various other issues have also been addressed.
56e23873dfb9810e91b41765d15d9e18cafd0f9578ff6c5806a952a61bf20fc8
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2014:010
https://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : memcached
Date : January 17, 2014
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been discovered and corrected in
memcached:
The process_bin_delete function in memcached.c in memcached 1.4.4 and
other versions before 1.4.17, when running in verbose mode, allows
remote attackers to cause a denial of service (segmentation fault)
via a request to delete a key, which does not account for the lack
of a null terminator in the key and triggers a buffer over-read when
printing to stderr (CVE-2013-0179).
memcached before 1.4.17 allows remote attackers to bypass
authentication by sending an invalid request with SASL credentials,
then sending another request with incorrect SASL credentials
(CVE-2013-7239).
The do_item_get function in items.c in memcached 1.4.4 and other
versions before 1.4.17, when running in verbose mode, allows remote
attackers to cause a denial of service (segmentation fault) via a
request to delete a key, which does not account for the lack of a null
terminator in the key and triggers a buffer over-read when printing to
stderr, a different vulnerability than CVE-2013-0179 (CVE-2013-7290).
memcached before 1.4.17, when running in verbose mode, allows
remote attackers to cause a denial of service (crash) via a request
that triggers an unbounded key print during logging, related to an
issue that was quickly grepped out of the source tree, a different
vulnerability than CVE-2013-0179 and CVE-2013-7290 (CVE-2013-7291).
The updated packages have been upgraded to the 1.4.17 version which
is unaffected by these issues.
_______________________________________________________________________
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0179
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7239
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7290
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7291
https://code.google.com/p/memcached/wiki/ReleaseNotes1417
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
a16c2422bfa525dbbaaf53a1947eb857 mes5/i586/memcached-1.4.17-0.1mdvmes5.2.i586.rpm
bb30dd36547f39e0cc197e3286882c62 mes5/i586/memcached-devel-1.4.17-0.1mdvmes5.2.i586.rpm
ef22bb85c812d510bde6110098a38f01 mes5/SRPMS/memcached-1.4.17-0.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
74c7f0f6ece79b4cbe924c8d41670d7a mes5/x86_64/memcached-1.4.17-0.1mdvmes5.2.x86_64.rpm
a4b21173b04c8944067f34870b948fba mes5/x86_64/memcached-devel-1.4.17-0.1mdvmes5.2.x86_64.rpm
ef22bb85c812d510bde6110098a38f01 mes5/SRPMS/memcached-1.4.17-0.1mdvmes5.2.src.rpm
Mandriva Business Server 1/X86_64:
8035d2870bcd192b1c6b6419256e4714 mbs1/x86_64/memcached-1.4.17-1.mbs1.x86_64.rpm
5343cfb775b8adc04760f6b5717aa4ce mbs1/x86_64/memcached-devel-1.4.17-1.mbs1.x86_64.rpm
d7a230375722086b5419ca49544de75c mbs1/SRPMS/memcached-1.4.17-1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
https://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFS2Q5omqjQ0CJFipgRAmQPAKCpbbljUvxwXBSzyzSuIAq56bRBygCdH1E6
0mBdsWBHW14kxDPmOwU604Y=
=qOuN
-----END PGP SIGNATURE-----