Description of problem: Memcached is binding to 0.0.0.0 on tcp/udp by default. This is not a correct configuration for memcache. Version-Release number of selected component (if applicable): Fedora 27, Centos 7.4 Was cited in: RH bug fixed back 2016 that appears to have not been adopted: https://bugzilla.redhat.com/show_bug.cgi?id=1182542 Corresponding bug opened for CentOS: https://bugs.centos.org/view.php?id=14537 How reproducible: Easy Steps to Reproduce: 1. Install CentOS or Fedora 2. Check netstat for memcache running bound to 0.0.0.0 Actual results: tcp 0 0 0.0.0.0:11211 0.0.0.0:* LISTEN 2447/memcached udp 0 0 0.0.0.0:11211 0.0.0.0:* 2447/memcached Expected results: tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 2447/memcached udp 0 0 127.0.0.1:11211 0.0.0.0:* 2447/memcached Additional info: This is being widely abused as a reflection attack by malicious actors.
*** This bug has been marked as a duplicate of bug 1550066 ***