Bug 1047299 (CVE-2013-7239) - CVE-2013-7239 memcached: SASL authentication allows wrong credentials to access memcache
Summary: CVE-2013-7239 memcached: SASL authentication allows wrong credentials to acce...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2013-7239
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1047300 1047302 1047303
Blocks: 1047305
TreeView+ depends on / blocked
 
Reported: 2013-12-30 10:31 UTC by Ratul Gupta
Modified: 2021-02-17 07:02 UTC (History)
12 users (show)

Fixed In Version: memcached 1.4.17
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-01-02 10:53:41 UTC


Attachments (Terms of Use)

Description Ratul Gupta 2013-12-30 10:31:27 UTC
Memcached was found to be affected by a SASL authentication bypass glitch.

The issue was that if the attacker makes an invalid request with SASL credentials, it will initially fail. However if he issue a second request with bad SASL credentials, it will authenticate. This way, an attacker can get access to memcache even with wrong SASL credentials.

References:
http://seclists.org/oss-sec/2013/q4/565
https://code.google.com/p/memcached/issues/detail?id=316
https://code.google.com/p/memcached/wiki/ReleaseNotes1417

Commit:
https://github.com/memcached/memcached/commit/87c1cf0f20be20608d3becf854e9cf0910f4ad32

Comment 2 Ratul Gupta 2013-12-30 10:33:19 UTC
Created memcached tracking bugs for this issue:

Affects: fedora-all [bug 1047300]
Affects: epel-5 [bug 1047302]

Comment 3 Huzaifa S. Sidhpurwala 2014-01-02 05:16:45 UTC
Statement:

Not Vulnerable. This issue does not affect the version of memcached package as shipped with Red Hat Enterprise Linux 5 and 6, since its not compiled with SASL support.

Comment 4 Miroslav Lichvar 2014-01-02 09:58:09 UTC
Please note that none of the EPEL, RHEL or Fedora memcached packages are affected by this bug as they are not compiled with SASL support.


Note You need to log in before you can comment on or make changes to this bug.