Memcached / MemcacheDB ASLR Bypass Weakness

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.

Synopsis :

The remote object store suffers from a weakness that may make buffer
overflows easier to exploit.

Description :

The version of memcached / MemcacheDB running on the remote host
reveals information about the stack, heap, and shared library memory
locations it uses. An unauthenticated remote attacker may be able to
leverage this weakness to defeat any address space layout
randomization (ASLR) protection on the remote host, thereby making
buffer overflows easier to exploit.

See also :

Solution :

If using memcached, upgrade to version 1.2.8.

If using MemcacheDB, upgrade to revision r98 or later from the code

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 38207 ()

Bugtraq ID: 34756

CVE ID: CVE-2009-1255

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now