CVE-2010-1152: denial of service (daemon hang or crash)

Related Vulnerabilities: CVE-2010-1152  

Debian Bug report logs - #579913

Reported by: Giuseppe Iuculano <iuculano@debian.org>

Date: Sun, 2 May 2010 09:33:02 UTC

Severity: grave

Tags: patch, security

Fixed in version memcached/1.4.5-1

Done: David Martínez Moreno <ender@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, David Martínez Moreno <ender@debian.org>:
Bug#579913; Package memcached. (Sun, 02 May 2010 09:33:04 GMT).


Acknowledgement sent to Giuseppe Iuculano <iuculano@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, David Martínez Moreno <ender@debian.org>. (Sun, 02 May 2010 09:33:05 GMT).


Message #5 received at submit@bugs.debian.org:

From: Giuseppe Iuculano <iuculano@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2010-1152: denial of service (daemon hang or crash)
Date: Sun, 02 May 2010 11:31:35 +0200
Package: memcached
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for memcached.

CVE-2010-1152[0]:
| memcached.c in memcached before 1.4.3 allows remote attackers to cause
| a denial of service (daemon hang or crash) via a long line that
| triggers excessive memory allocation.  NOTE: some of these details are
| obtained from third party information.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1152
    http://security-tracker.debian.org/tracker/CVE-2010-1152

    http://github.com/memcached/memcached/commit/75cc83685e103bc8ba380a57468c8f04413033f9
    http://github.com/memcached/memcached/commit/d9cd01ede97f4145af9781d448c62a3318952719





Reply sent to David Martínez Moreno <ender@debian.org>:
You have taken responsibility. (Wed, 12 May 2010 10:06:08 GMT).


Notification sent to Giuseppe Iuculano <iuculano@debian.org>:
Bug acknowledged by developer. (Wed, 12 May 2010 10:06:08 GMT).


Message #10 received at 579913-close@bugs.debian.org:

From: David Martínez Moreno <ender@debian.org>
To: 579913-close@bugs.debian.org
Subject: Bug#579913: fixed in memcached 1.4.5-1
Date: Wed, 12 May 2010 10:02:29 +0000
Source: memcached
Source-Version: 1.4.5-1

We believe that the bug you reported is fixed in the latest version of
memcached, which is due to be installed in the Debian FTP archive:

memcached_1.4.5-1.diff.gz
  to main/m/memcached/memcached_1.4.5-1.diff.gz
memcached_1.4.5-1.dsc
  to main/m/memcached/memcached_1.4.5-1.dsc
memcached_1.4.5-1_amd64.deb
  to main/m/memcached/memcached_1.4.5-1_amd64.deb
memcached_1.4.5.orig.tar.gz
  to main/m/memcached/memcached_1.4.5.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 579913@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Martínez Moreno <ender@debian.org> (supplier of updated memcached package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Wed, 12 May 2010 11:41:22 +0200
Source: memcached
Binary: memcached
Architecture: source amd64
Version: 1.4.5-1
Distribution: unstable
Urgency: high
Maintainer: David Martínez Moreno <ender@debian.org>
Changed-By: David Martínez Moreno <ender@debian.org>
Description: 
 memcached  - A high-performance memory object caching system
Closes: 565033 579913
Changes: 
 memcached (1.4.5-1) unstable; urgency=high
 .
   * New upstream release.  Main changes since 1.4.2 are:
     New features:
     - Support for SASL authentication.
     - New script damemtop - a memcached top.
     - Slab optimizations.
     - New stats, for reclaimed memory and SASL events.
     Bugs fixed:
     - Malicious input can crash server (CVE-2010-1152).  Closes: #579913.
     - Fixed several problems with slab handling and growth.
     - Provide better error reporting.
     - Fix get stats accounting.
     - Fixed backwards compatibility with delete 0.
     - Documentation fixes.
     - Various build fixes, among others, fixed FTBFS with gcc-4.5 (closes:
       #565033).
   * Refreshed and renamed 01_init_script_compliant_with_LSB.patch.
   * Fixed lintian warnings by adding $remote_fs to init.d script.
   * Removed non-existent document (doc/memory_management.txt).
   * debian/control: Bumped Standards-Version to 3.8.4 (no changes).
   *






Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jul 2011 07:32:48 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:52:54 2019; Machine Name: beach
