Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2009:105 (memcached)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.64137

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2009:105 (memcached)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to memcached
announced via advisory MDVSA-2009:105.

The process_stat function in Memcached prior 1.2.8 discloses
memory-allocation statistics in response to a stats malloc command,
which allows remote attackers to obtain potentially sensitive
information by sending this command to the daemon's TCP port
(CVE-2009-1255, CVE-2009-1494).

The updated packages have been patched to prevent this.

Affected: 2009.0, 2009.1, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2009:105

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-1255
BugTraq ID: 34756
http://www.securityfocus.com/bid/34756
Bugtraq: 20090428 Positron Security Advisory #2009-001: Memcached and MemcacheDB ASLR Bypass Weakness (Google Search)
http://www.securityfocus.com/archive/1/503064/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00851.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01256.html
http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0282.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:105
http://www.positronsecurity.com/advisories/2009-001.html
http://osvdb.org/54127
http://www.securitytracker.com/id?1022140
http://secunia.com/advisories/34915
http://secunia.com/advisories/34932
http://secunia.com/advisories/35175
http://www.vupen.com/english/advisories/2009/1196
http://www.vupen.com/english/advisories/2009/1197
XForce ISS Database: memcachedb-procselfmaps-info-disclosure(50221)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50221
Common Vulnerability Exposure (CVE) ID: CVE-2009-1494
http://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98&r=98
http://code.google.com/p/memcachedb/source/detail?r=98
http://code.google.com/p/memcachedb/source/diff?spec=svn98&r=98&format=side&path=/trunk/memcachedb.c
http://groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e
http://memcached.googlecode.com/files/memcached-1.2.8.tar.gz
XForce ISS Database: memcached-processstat-info-disclosure(50444)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50444

Copyright Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.64137
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:105 (memcached)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to memcached announced via advisory MDVSA-2009:105. The process_stat function in Memcached prior 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending this command to the daemon's TCP port (CVE-2009-1255, CVE-2009-1494). The updated packages have been patched to prevent this. Affected: 2009.0, 2009.1, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2009:105 CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1255 BugTraq ID: 34756 http://www.securityfocus.com/bid/34756 Bugtraq: 20090428 Positron Security Advisory #2009-001: Memcached and MemcacheDB ASLR Bypass Weakness (Google Search) http://www.securityfocus.com/archive/1/503064/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00851.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01256.html http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0282.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:105 http://www.positronsecurity.com/advisories/2009-001.html http://osvdb.org/54127 http://www.securitytracker.com/id?1022140 http://secunia.com/advisories/34915 http://secunia.com/advisories/34932 http://secunia.com/advisories/35175 http://www.vupen.com/english/advisories/2009/1196 http://www.vupen.com/english/advisories/2009/1197 XForce ISS Database: memcachedb-procselfmaps-info-disclosure(50221) https://exchange.xforce.ibmcloud.com/vulnerabilities/50221 Common Vulnerability Exposure (CVE) ID: CVE-2009-1494 http://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98&r=98 http://code.google.com/p/memcachedb/source/detail?r=98 http://code.google.com/p/memcachedb/source/diff?spec=svn98&r=98&format=side&path=/trunk/memcachedb.c http://groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e http://memcached.googlecode.com/files/memcached-1.2.8.tar.gz XForce ISS Database: memcached-processstat-info-disclosure(50444) https://exchange.xforce.ibmcloud.com/vulnerabilities/50444
Copyright	Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com