memcached < 1.4.17 Multiple Vulnerabilities

medium Nessus Plugin ID 72212

Synopsis

The remote host contains a memory-based object store that is potentially affected by multiple vulnerabilities.

Description

According to its self-reported version, the memcached installation on the remote host is prior to 1.4.17. It is, therefore, reportedly affected by the following vulnerabilities:

- An error exists related to handling SASL requests that could allow authentication bypasses. (CVE-2013-7239)

- An error exists in the function 'do_item_get' in the file 'items.c' that could cause buffer overreads and allow denial of service attacks. (CVE-2013-7290)

- An error related to logging and verbose mode could allow some requests to cause denial of service conditions. (CVE-2013-7291)

Solution

Upgrade to memcached 1.4.17 or later.

See Also

https://code.google.com/archive/p/memcached/wikis/ReleaseNotes1417.wiki

https://seclists.org/oss-sec/2013/q4/572

http://www.nessus.org/u?d0080e1b

https://code.google.com/archive/p/memcached/issues/306

Plugin Details

Severity: Medium

ID: 72212

File Name: memcached_1_4_17.nasl

Version: 1.8

Type: remote

Family: General

Published: 1/30/2014

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: Medium

Base Score: 4.8

Temporal Score: 3.5

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2013-7239

Vulnerability Information

CPE: cpe:/a:memcached:memcached

Required KB Items: Services/memcached

Exploit Ease: No known exploits are available

Patch Publication Date: 12/20/2013

Vulnerability Publication Date: 12/20/2013

Reference Information

CVE: CVE-2013-7239, CVE-2013-7290, CVE-2013-7291

BID: 64559, 64988, 64989