Mandriva Linux Security Advisory : memcached (MDVSA-2009:105)
Medium Nessus Plugin ID 38683
SynopsisThe remote Mandriva Linux host is missing a security update.
DescriptionThe process_stat function in Memcached prior 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending this command to the daemon's TCP port (CVE-2009-1255, CVE-2009-1494).
The updated packages have been patched to prevent this.
SolutionUpdate the affected memcached package.