Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.1.2.2019.1435 |
Kategorie: | Huawei EulerOS Local Security Checks |
Titel: | Huawei EulerOS: Security Advisory for memcached (EulerOS-SA-2019-1435) |
Zusammenfassung: | The remote host is missing an update for the Huawei EulerOS 'memcached' package(s) announced via the EulerOS-SA-2019-1435 advisory. |
Beschreibung: | Summary: The remote host is missing an update for the Huawei EulerOS 'memcached' package(s) announced via the EulerOS-SA-2019-1435 advisory. Vulnerability Insight: memcached before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (crash) via a request that triggers an 'unbounded key print' during logging, related to an issue that was 'quickly grepped out of the source tree' a different vulnerability than CVE-2013-0179 and CVE-2013-7290.(CVE-2013-7291) An integer overflow flaw, leading to a heap-based buffer overflow, was found in memcached's parsing of SASL authentication messages. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code.(CVE-2016-8706) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code.(CVE-2016-8704) The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr.(CVE-2013-0179) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code.(CVE-2016-8705) memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later.(CVE-2018-1000127) memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials.(CVE-2013-7239) The do_item_get function in items.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr, a different vulnerability than CVE-2013-0179.(CVE-2013-7290) Affected Software/OS: 'memcached' package(s) on Huawei EulerOS Virtualization 3.0.1.0. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-0179 BugTraq ID: 64978 http://www.securityfocus.com/bid/64978 http://www.openwall.com/lists/oss-security/2013/01/14/4 http://www.openwall.com/lists/oss-security/2013/01/14/6 http://secunia.com/advisories/56183 http://www.ubuntu.com/usn/USN-2080-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-7239 BugTraq ID: 64559 http://www.securityfocus.com/bid/64559 Debian Security Information: DSA-2832 (Google Search) http://www.debian.org/security/2014/dsa-2832 http://seclists.org/oss-sec/2013/q4/572 Common Vulnerability Exposure (CVE) ID: CVE-2013-7290 BugTraq ID: 64988 http://www.securityfocus.com/bid/64988 Common Vulnerability Exposure (CVE) ID: CVE-2013-7291 BugTraq ID: 64989 http://www.securityfocus.com/bid/64989 Common Vulnerability Exposure (CVE) ID: CVE-2016-8704 BugTraq ID: 94083 http://www.securityfocus.com/bid/94083 Debian Security Information: DSA-3704 (Google Search) http://www.debian.org/security/2016/dsa-3704 https://security.gentoo.org/glsa/201701-12 http://www.talosintelligence.com/reports/TALOS-2016-0219/ RedHat Security Advisories: RHSA-2016:2819 http://rhn.redhat.com/errata/RHSA-2016-2819.html RedHat Security Advisories: RHSA-2016:2820 http://rhn.redhat.com/errata/RHSA-2016-2820.html RedHat Security Advisories: RHSA-2017:0059 https://access.redhat.com/errata/RHSA-2017:0059 http://www.securitytracker.com/id/1037333 Common Vulnerability Exposure (CVE) ID: CVE-2016-8705 http://www.talosintelligence.com/reports/TALOS-2016-0220/ Common Vulnerability Exposure (CVE) ID: CVE-2016-8706 http://www.talosintelligence.com/reports/TALOS-2016-0221/ |
Copyright | Copyright (C) 2020 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |