fkie_cve-2009-1255
Vulnerability from fkie_nvd
Published
2009-04-30 20:30
Modified
2025-04-09 00:30
Severity ?
Summary
The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats maps command and (b) memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain sensitive information such as the locations of memory regions, and defeat ASLR protection, by sending a command to the daemon's TCP port.
References
cve@mitre.orghttp://archives.neohapsis.com/archives/fulldisclosure/2009-04/0282.html
cve@mitre.orghttp://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98&r=98
cve@mitre.orghttp://code.google.com/p/memcachedb/source/detail?r=98
cve@mitre.orghttp://code.google.com/p/memcachedb/source/diff?spec=svn98&r=98&format=side&path=/trunk/memcachedb.cExploit, Patch
cve@mitre.orghttp://groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e
cve@mitre.orghttp://osvdb.org/54127
cve@mitre.orghttp://secunia.com/advisories/34915Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/34932Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/35175
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2009:105
cve@mitre.orghttp://www.positronsecurity.com/advisories/2009-001.htmlExploit
cve@mitre.orghttp://www.securityfocus.com/archive/1/503064/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/34756
cve@mitre.orghttp://www.securitytracker.com/id?1022140
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/1196Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/1197Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/50221
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2009-May/msg00851.html
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2009-May/msg01256.html
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0282.html
af854a3a-2127-422b-91ae-364da2661108http://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98&r=98
af854a3a-2127-422b-91ae-364da2661108http://code.google.com/p/memcachedb/source/detail?r=98
af854a3a-2127-422b-91ae-364da2661108http://code.google.com/p/memcachedb/source/diff?spec=svn98&r=98&format=side&path=/trunk/memcachedb.cExploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/54127
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34915Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34932Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35175
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2009:105
af854a3a-2127-422b-91ae-364da2661108http://www.positronsecurity.com/advisories/2009-001.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/503064/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/34756
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1022140
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/1196Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/1197Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/50221
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00851.html
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01256.html



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:memcachedb:memcached:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "82B62E56-CCC2-4239-8B5C-81FF1D6BF32F",
              "versionEndIncluding": "1.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:memcachedb:memcached:0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F664659-721C-4387-A06C-AD30DD9AF762",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:memcachedb:memcached:0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "18A83632-06E4-4978-909A-5E145F7A654F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:memcachedb:memcached:0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A511459-F98A-4192-8E79-24766D296A47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:memcachedb:memcached:0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DC3886A-4C1B-49B9-A334-E9A1C8CA5309",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:memcachedb:memcached:0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD764B57-6985-4DD2-BA3C-09912715A56A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:memcachedb:memcached:0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E433DCE9-8C2E-47AC-907E-8306D322D0A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:memcachedb:memcached:1.0.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "8164AFC1-6320-44C1-8872-9C26A5E1C173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:memcachedb:memcached:1.0.1:beta:*:*:*:*:*:*",
              "matchCriteriaId": "6397D3FD-EF1F-4B0C-BA6C-26131820A653",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:memcachedb:memcached:1.0.2:beta:*:*:*:*:*:*",
              "matchCriteriaId": "2616A383-92BE-4FD2-8A62-8A2CF1F69830",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:memcachedb:memcached:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F500EE98-0AAA-4C9E-91DF-313E6812CC50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:memcachedb:memcached:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF0C217E-B2E4-472A-AE6A-C95D73C8FE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:memcachedb:memcached:1.1.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "07FCB8CB-1434-4486-858D-BC509246231D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:memcachedb:memcached:1.2.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "6BE87DDD-FF8E-47B2-A30B-7C32ADA6C02A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:memcachedb:memcached:1.2.1:beta:*:*:*:*:*:*",
              "matchCriteriaId": "A76FC002-9B7C-4F3D-A2E7-E416CD6C6336",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats maps command and (b) memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain sensitive information such as the locations of memory regions, and defeat ASLR protection, by sending a command to the daemon\u0027s TCP port."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n process_stat en (1) Memcached antes de v1.2.8 y (2) MemcacheDB v1.2.0 revela (a) el contenido de /proc/self/maps en respuesta a un comando stats maps (estadisticas de mapas) y (b) las estad\u00edsticas de la asignaci\u00f3n de memoria en respuesta a un comando stats malloc (estadisticas de asignacion de memoria), lo cual permite a atacantes remotos obtener informaci\u00f3n sensible como la localizaci\u00f3n de regiones de memoria, y evitar la protecci\u00f3n ASLR, mediante el env\u00edo de un comando a el demonio del puerto TCP."
    }
  ],
  "id": "CVE-2009-1255",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-04-30T20:30:00.343",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0282.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98\u0026r=98"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://code.google.com/p/memcachedb/source/detail?r=98"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://code.google.com/p/memcachedb/source/diff?spec=svn98\u0026r=98\u0026format=side\u0026path=/trunk/memcachedb.c"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/54127"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34915"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34932"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35175"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:105"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.positronsecurity.com/advisories/2009-001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/503064/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/34756"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1022140"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1196"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1197"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50221"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00851.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01256.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0282.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98\u0026r=98"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://code.google.com/p/memcachedb/source/detail?r=98"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://code.google.com/p/memcachedb/source/diff?spec=svn98\u0026r=98\u0026format=side\u0026path=/trunk/memcachedb.c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/54127"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34932"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35175"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.positronsecurity.com/advisories/2009-001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/503064/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34756"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1197"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50221"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00851.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01256.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…

Loading…