Comment #18 on issue 192 by [email protected]: Crash when sending
specially crafted packet
http://code.google.com/p/memcached/issues/detail?id=192
@dormando: I agree with your points and kudos for maintaining this
software. I agree bad patches can hurt the codebase a lot, but I guess
people had good intentions and the lack of clear patch submission
guidelines makes this process a bit ambiguous.
@brian: (Disclaimer: I ain't a security expert, so take this with a grain
of salt) I believe this vulnerability isn't useful by itself, but it can
become a link in a chain of attacks, where the attacker first gains access
to a memcached client machine (using another vulnerability), and then uses
this bug to hijack the memcached process. Beside getting access to the host
machine, the memcached server may hold potentially sensitive and private
information, which could be leaked to the attacker.
PS: FYI, this bug was discovered using the Cloud9 automated testing engine,
now available at http://cloud9.epfl.ch/ The tool is knowledgeable enough to
generate test cases to expose the bug through a crash, but the real risk is
that the bug can be exploited in a more elaborate way, e.g., inject and
execute arbitrary code.
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
---
You received this message because you are subscribed to the Google Groups "memcached" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
