Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.64787
Kategorie:FreeBSD Local Security Checks
Titel:FreeBSD Ports: memcached
Zusammenfassung:NOSUMMARY
Beschreibung:Description:
The remote host is missing an update to the system
as announced in the referenced advisory.

The following package is affected: memcached

CVE-2009-1255
The process_stat function in (1) Memcached before 1.2.8 and (2)
MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in
response to a stats maps command and (b) memory-allocation statistics
in response to a stats malloc command, which allows remote attackers
to obtain sensitive information such as the locations of memory
regions, and defeat ASLR protection, by sending a command to the
daemon's TCP port.

Solution:
Update your system with the appropriate patches or
software upgrades.

http://secunia.com/advisories/34915/
http://www.vuxml.org/freebsd/86ada694-8b30-11de-b9d0-000c6e274733.html

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2009-1255
BugTraq ID: 34756
http://www.securityfocus.com/bid/34756
Bugtraq: 20090428 Positron Security Advisory #2009-001: Memcached and MemcacheDB ASLR Bypass Weakness (Google Search)
http://www.securityfocus.com/archive/1/503064/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00851.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01256.html
http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0282.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:105
http://www.positronsecurity.com/advisories/2009-001.html
http://osvdb.org/54127
http://www.securitytracker.com/id?1022140
http://secunia.com/advisories/34915
http://secunia.com/advisories/34932
http://secunia.com/advisories/35175
http://www.vupen.com/english/advisories/2009/1196
http://www.vupen.com/english/advisories/2009/1197
XForce ISS Database: memcachedb-procselfmaps-info-disclosure(50221)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50221
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.