Memcached / MemcacheDB ASLR Bypass Weakness

This script is Copyright (C) 2009-2011 Tenable Network Security, Inc.

Synopsis :

The remote object store suffers from a weakness that may make buffer
overflows easier to exploit.

Description :

The version of memcached / MemcacheDB running on the remote host
reveals information about the stack, heap, and shared library memory
locations it uses. An unauthenticated remote attacker may be able to
leverage this weakness to defeat any address space layout
randomization (ASLR) protection on the remote host, thereby making
buffer overflows easier to exploit.

See also :

Solution :

If using memcached, upgrade to version 1.2.8.

If using MemcacheDB, upgrade to revision r98 or later from the code

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 38207 ()

Bugtraq ID: 34756

CVE ID: CVE-2009-1255

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial