Memcached多个基于堆的缓冲区溢出漏洞

基本字段

漏洞编号：: SSV-12021

披露/发现时间：: 未知

提交时间：: 2009-08-10

漏洞等级：

漏洞类别：: 远程溢出

影响组件：: Memcached
(1.2.8,1.2.7)

漏洞作者：: 未知

提交者：: Knownsec

CVE-ID：: 补充

CNNVD-ID：: 补充

CNVD-ID：: 补充

ZoomEye Dork：: 补充

来源

漏洞详情

贡献者 Knownsec 共获得 0.7KB

Bugraq ID: 35989 CVE ID：CVE-2009-2415 Danga Interactive memcached是一款高性能的分布式内存缓存解决方案。 memcached在解析部分长度属性时存在由整数转换而造成基于堆的缓冲区溢出，远程攻击者可以利用漏洞以memcached运行进程权限执行任意代码。目前没有更多详细信息系统。 Danga Interactive memcached 1.2.8 Danga Interactive memcached 1.2.7 Debian Linux用户可参考如下升级程序： Debian GNU/Linux 4.0 (etch) Debian (oldstable) Source: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1.dsc http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12.orig.tar.gz http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1.diff.gz Alpha: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_alpha.deb AMD64: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_amd64.deb ARM: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_arm.deb HP Precision: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_hppa.deb Intel IA-32: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_i386.deb Intel IA-64: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_ia64.deb Big-endian MIPS: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_mips.deb Little-endian MIPS: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_mipsel.deb PowerPC: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_powerpc.deb IBM S/390: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_s390.deb Sun Sparc: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_sparc.deb Debian GNU/Linux 5.0 (lenny) Debian (stable) Source: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1.dsc http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2.orig.tar.gz http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1.diff.gz Alpha: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_alpha.deb AMD64: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_amd64.deb ARM: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_arm.deb ARM EABI: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_armel.deb HP Precision: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_hppa.deb Intel IA-32: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_i386.deb Intel IA-64: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_ia64.deb Big-endian MIPS: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_mips.deb Little-endian MIPS: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_mipsel.deb PowerPC: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_powerpc.deb IBM S/390: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_s390.deb Sun Sparc: http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_sparc.deb