FKIE_CVE-2009-1255

Vulnerability from fkie_nvd - Published: 2009-04-30 20:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats maps command and (b) memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain sensitive information such as the locations of memory regions, and defeat ASLR protection, by sending a command to the daemon's TCP port.
References
cve@mitre.orghttp://archives.neohapsis.com/archives/fulldisclosure/2009-04/0282.html
cve@mitre.orghttp://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98&r=98
cve@mitre.orghttp://code.google.com/p/memcachedb/source/detail?r=98
cve@mitre.orghttp://code.google.com/p/memcachedb/source/diff?spec=svn98&r=98&format=side&path=/trunk/memcachedb.cExploit, Patch
cve@mitre.orghttp://groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e
cve@mitre.orghttp://osvdb.org/54127
cve@mitre.orghttp://secunia.com/advisories/34915Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/34932Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/35175
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2009:105
cve@mitre.orghttp://www.positronsecurity.com/advisories/2009-001.htmlExploit
cve@mitre.orghttp://www.securityfocus.com/archive/1/503064/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/34756
cve@mitre.orghttp://www.securitytracker.com/id?1022140
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/1196Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/1197Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/50221
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2009-May/msg00851.html
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2009-May/msg01256.html
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0282.html
af854a3a-2127-422b-91ae-364da2661108http://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98&r=98
af854a3a-2127-422b-91ae-364da2661108http://code.google.com/p/memcachedb/source/detail?r=98
af854a3a-2127-422b-91ae-364da2661108http://code.google.com/p/memcachedb/source/diff?spec=svn98&r=98&format=side&path=/trunk/memcachedb.cExploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/54127
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34915Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34932Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35175
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2009:105
af854a3a-2127-422b-91ae-364da2661108http://www.positronsecurity.com/advisories/2009-001.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/503064/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/34756
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1022140
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/1196Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/1197Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/50221
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00851.html
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01256.html
Impacted products
Vendor Product Version
memcachedb memcached *
memcachedb memcached 0.0.1
memcachedb memcached 0.0.2
memcachedb memcached 0.0.3
memcachedb memcached 0.0.4
memcachedb memcached 0.1.0
memcachedb memcached 0.1.1
memcachedb memcached 1.0.0
memcachedb memcached 1.0.1
memcachedb memcached 1.0.2
memcachedb memcached 1.0.3
memcachedb memcached 1.0.4
memcachedb memcached 1.1.0
memcachedb memcached 1.2.0
memcachedb memcached 1.2.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:memcachedb:memcached:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "82B62E56-CCC2-4239-8B5C-81FF1D6BF32F",
              "versionEndIncluding": "1.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:memcachedb:memcached:0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F664659-721C-4387-A06C-AD30DD9AF762",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:memcachedb:memcached:0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "18A83632-06E4-4978-909A-5E145F7A654F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:memcachedb:memcached:0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A511459-F98A-4192-8E79-24766D296A47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:memcachedb:memcached:0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DC3886A-4C1B-49B9-A334-E9A1C8CA5309",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:memcachedb:memcached:0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD764B57-6985-4DD2-BA3C-09912715A56A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:memcachedb:memcached:0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E433DCE9-8C2E-47AC-907E-8306D322D0A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:memcachedb:memcached:1.0.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "8164AFC1-6320-44C1-8872-9C26A5E1C173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:memcachedb:memcached:1.0.1:beta:*:*:*:*:*:*",
              "matchCriteriaId": "6397D3FD-EF1F-4B0C-BA6C-26131820A653",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:memcachedb:memcached:1.0.2:beta:*:*:*:*:*:*",
              "matchCriteriaId": "2616A383-92BE-4FD2-8A62-8A2CF1F69830",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:memcachedb:memcached:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F500EE98-0AAA-4C9E-91DF-313E6812CC50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:memcachedb:memcached:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF0C217E-B2E4-472A-AE6A-C95D73C8FE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:memcachedb:memcached:1.1.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "07FCB8CB-1434-4486-858D-BC509246231D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:memcachedb:memcached:1.2.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "6BE87DDD-FF8E-47B2-A30B-7C32ADA6C02A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:memcachedb:memcached:1.2.1:beta:*:*:*:*:*:*",
              "matchCriteriaId": "A76FC002-9B7C-4F3D-A2E7-E416CD6C6336",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats maps command and (b) memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain sensitive information such as the locations of memory regions, and defeat ASLR protection, by sending a command to the daemon\u0027s TCP port."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n process_stat en (1) Memcached antes de v1.2.8 y (2) MemcacheDB v1.2.0 revela (a) el contenido de /proc/self/maps en respuesta a un comando stats maps (estadisticas de mapas) y (b) las estad\u00edsticas de la asignaci\u00f3n de memoria en respuesta a un comando stats malloc (estadisticas de asignacion de memoria), lo cual permite a atacantes remotos obtener informaci\u00f3n sensible como la localizaci\u00f3n de regiones de memoria, y evitar la protecci\u00f3n ASLR, mediante el env\u00edo de un comando a el demonio del puerto TCP."
    }
  ],
  "id": "CVE-2009-1255",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-04-30T20:30:00.343",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0282.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98\u0026r=98"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://code.google.com/p/memcachedb/source/detail?r=98"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://code.google.com/p/memcachedb/source/diff?spec=svn98\u0026r=98\u0026format=side\u0026path=/trunk/memcachedb.c"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/54127"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34915"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34932"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35175"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:105"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.positronsecurity.com/advisories/2009-001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/503064/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/34756"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1022140"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1196"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1197"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50221"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00851.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01256.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0282.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98\u0026r=98"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://code.google.com/p/memcachedb/source/detail?r=98"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://code.google.com/p/memcachedb/source/diff?spec=svn98\u0026r=98\u0026format=side\u0026path=/trunk/memcachedb.c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/54127"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34932"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35175"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.positronsecurity.com/advisories/2009-001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/503064/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34756"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1197"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50221"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00851.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01256.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.