Page 4 of 18 results (0.010 seconds)

CVSS: 10.0EPSS: 14%CPEs: 2EXPL: 0

Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers to execute arbitrary code via vectors involving length attributes that trigger heap-based buffer overflows. Múltiples desbordamientos de entero en memcached v1.1.12 y v1.2.2 permiten a atacantes remotos ejecutar código de su elección a través de vectores de ataque que involucran los atributos de longitud que provocan desbordamientos de búfer basados en memoria dinámica. • http://osvdb.org/56906 http://secunia.com/advisories/36133 http://secunia.com/advisories/37729 http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1.diff.gz http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1.diff.gz http://www.debian.org/security/2009/dsa-1853 http://www.securityfocus.com/bid/35989 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00836.html • CWE-189: Numeric Errors •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

The process_stat function in Memcached 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending this command to the daemon's TCP port. La función process_stat en Memcached v1.2.8 divulga las estadísticas de asignación de memoria en respuesta a un comando stats malloc, lo cual permite a atacantes remotos obtener información potencialmente sensible mediante el envío de este comando al puerto TCP del demonio. • http://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98&r=98 http://code.google.com/p/memcachedb/source/detail?r=98 http://code.google.com/p/memcachedb/source/diff?spec=svn98&r=98&format=side&path=/trunk/memcachedb.c http://groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e http://memcached.googlecode.com/files/memcached-1.2.8.tar.gz https://exchange.xforce.ibmcloud.com/vulnerabilities/50444 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 15EXPL: 2

The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats maps command and (b) memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain sensitive information such as the locations of memory regions, and defeat ASLR protection, by sending a command to the daemon's TCP port. La función process_stat en (1) Memcached antes de v1.2.8 y (2) MemcacheDB v1.2.0 revela (a) el contenido de /proc/self/maps en respuesta a un comando stats maps (estadisticas de mapas) y (b) las estadísticas de la asignación de memoria en respuesta a un comando stats malloc (estadisticas de asignacion de memoria), lo cual permite a atacantes remotos obtener información sensible como la localización de regiones de memoria, y evitar la protección ASLR, mediante el envío de un comando a el demonio del puerto TCP. • http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0282.html http://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98&r=98 http://code.google.com/p/memcachedb/source/detail?r=98 http://code.google.com/p/memcachedb/source/diff?spec=svn98&r=98&format=side&path=/trunk/memcachedb.c http://groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e http://osvdb.org/54127 http://secunia.com/advisories/34915 http://secunia.com/advisories/34932 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •