Published: 10/08/2009 Updated: 19/12/2009

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote malicious users to execute arbitrary code via vectors involving length attributes that trigger heap-based buffer overflows.

Vulnerable Product	Search on Vulmon	Subscribe to Product
memcachedb memcached 1.1.12
memcachedb memcached 1.2.2

Debian Bug report logs - #540379 memcached: CVE-2009-2415 heap-based buffer overflow in length processing Package: memcached; Maintainer for memcached is Guillaume Delacour <gui@iroqwaorg>; Source for memcached is src:memcached (PTS, buildd, popcon) Reported by: Nico Golde <nion@debianorg> Date: Fri, 7 Aug 2009 15 ...

Ronald Volgers discovered that memcached, a high-performance memory object caching system, is vulnerable to several heap-based buffer overflows due to integer conversions when parsing certain length attributes An attacker can use this to execute arbitrary code on the system running memcached (on etch with root privileges) For the oldstable distri ...

CWE-189 http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1.diff.gz http://www.debian.org/security/2009/dsa-1853 http://www.securityfocus.com/bid/35989 http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1.diff.gz http://secunia.com/advisories/36133 http://osvdb.org/56906 http://secunia.com/advisories/37729 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00836.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540379 https://nvd.nist.gov https://www.debian.org/security/./dsa-1853

CVE-2009-2415

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect