Memcached / MemcacheDB ASLR Bypass Weakness

This script is Copyright (C) 2009-2011 Tenable Network Security, Inc.


Synopsis :

The remote object store suffers from a weakness that may make buffer
overflows easier to exploit.

Description :

The version of memcached / MemcacheDB running on the remote host
reveals information about the stack, heap, and shared library memory
locations it uses. An unauthenticated remote attacker may be able to
leverage this weakness to defeat any address space layout
randomization (ASLR) protection on the remote host, thereby making
buffer overflows easier to exploit.

See also :

http://www.positronsecurity.com/advisories/2009-001.html
http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0282.html
http://www.nessus.org/u?7ab1e482
http://www.nessus.org/u?a97219eb

Solution :

If using memcached, upgrade to version 1.2.8.

If using MemcacheDB, upgrade to revision r98 or later from the code
repository.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 38207 ()

Bugtraq ID: 34756

CVE ID: CVE-2009-1255