memcached < 1.4.17 Multiple Vulnerabilities

Medium Nessus Plugin ID 72212

Synopsis

The remote host contains a memory-based object store that is potentially affected by multiple vulnerabilities.

Description

According to its self-reported version, the memcached installation on the remote host is prior to 1.4.17. It is, therefore, reportedly affected by the following vulnerabilities:

- An error exists related to handling SASL requests that could allow authentication bypasses. (CVE-2013-7239)

- An error exists in the function 'do_item_get' in the file 'items.c' that could cause buffer overreads and allow denial of service attacks. (CVE-2013-7290)

- An error related to logging and verbose mode could allow some requests to cause denial of service conditions. (CVE-2013-7291)

Solution

Upgrade to memcached 1.4.17 or later.

See Also

https://code.google.com/archive/p/memcached/wikis/ReleaseNotes1417.wiki

https://seclists.org/oss-sec/2013/q4/572

http://www.nessus.org/u?d0080e1b

https://code.google.com/archive/p/memcached/issues/306

Plugin Details

Severity: Medium

ID: 72212

File Name: memcached_1_4_17.nasl

Version: 1.7

Type: remote

Family: General

Published: 2014/01/30

Updated: 2020/01/16

Dependencies: 26197

Risk Information

Risk Factor: Medium

CVSS Score Source: CVE-2013-7239

CVSS v2.0

Base Score: 4.8

Temporal Score: 3.5

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:memcached:memcached

Required KB Items: Services/memcached

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/12/20

Vulnerability Publication Date: 2013/12/20

Reference Information

CVE: CVE-2013-7239, CVE-2013-7290, CVE-2013-7291

BID: 64559, 64988, 64989