CVE-2009-1255
Mandriva Linux Security Advisory 2009-105
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats maps command and (b) memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain sensitive information such as the locations of memory regions, and defeat ASLR protection, by sending a command to the daemon's TCP port.
La función process_stat en (1) Memcached antes de v1.2.8 y (2) MemcacheDB v1.2.0 revela (a) el contenido de /proc/self/maps en respuesta a un comando stats maps (estadisticas de mapas) y (b) las estadísticas de la asignación de memoria en respuesta a un comando stats malloc (estadisticas de asignacion de memoria), lo cual permite a atacantes remotos obtener información sensible como la localización de regiones de memoria, y evitar la protección ASLR, mediante el envío de un comando a el demonio del puerto TCP.
The process_stat function in Memcached prior 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending a command to the daemon's TCP port. The updated packages have been patched to prevent this.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-04-07 CVE Reserved
- 2009-04-28 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (19)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0282.html | Mailing List | |
| http://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98&r=98 | X_refsource_confirm | |
| http://code.google.com/p/memcachedb/source/detail?r=98 | X_refsource_confirm | |
| http://groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e | X_refsource_confirm | |
| http://osvdb.org/54127 | Vdb Entry | |
| http://secunia.com/advisories/35175 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/503064/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/34756 | Vdb Entry | |
| http://www.securitytracker.com/id?1022140 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/50221 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://code.google.com/p/memcachedb/source/diff?spec=svn98&r=98&format=side&path=/trunk/memcachedb.c | 2024-08-07 | |
| http://www.positronsecurity.com/advisories/2009-001.html | 2024-08-07 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Memcachedb Search vendor "Memcachedb" | Memcached Search vendor "Memcachedb" for product "Memcached" | <= 1.2.0 Search vendor "Memcachedb" for product "Memcached" and version " <= 1.2.0" | - |
Affected
| ||||||
| Memcachedb Search vendor "Memcachedb" | Memcached Search vendor "Memcachedb" for product "Memcached" | 0.0.1 Search vendor "Memcachedb" for product "Memcached" and version "0.0.1" | - |
Affected
| ||||||
| Memcachedb Search vendor "Memcachedb" | Memcached Search vendor "Memcachedb" for product "Memcached" | 0.0.2 Search vendor "Memcachedb" for product "Memcached" and version "0.0.2" | - |
Affected
| ||||||
| Memcachedb Search vendor "Memcachedb" | Memcached Search vendor "Memcachedb" for product "Memcached" | 0.0.3 Search vendor "Memcachedb" for product "Memcached" and version "0.0.3" | - |
Affected
| ||||||
| Memcachedb Search vendor "Memcachedb" | Memcached Search vendor "Memcachedb" for product "Memcached" | 0.0.4 Search vendor "Memcachedb" for product "Memcached" and version "0.0.4" | - |
Affected
| ||||||
| Memcachedb Search vendor "Memcachedb" | Memcached Search vendor "Memcachedb" for product "Memcached" | 0.1.0 Search vendor "Memcachedb" for product "Memcached" and version "0.1.0" | - |
Affected
| ||||||
| Memcachedb Search vendor "Memcachedb" | Memcached Search vendor "Memcachedb" for product "Memcached" | 0.1.1 Search vendor "Memcachedb" for product "Memcached" and version "0.1.1" | - |
Affected
| ||||||
| Memcachedb Search vendor "Memcachedb" | Memcached Search vendor "Memcachedb" for product "Memcached" | 1.0.0 Search vendor "Memcachedb" for product "Memcached" and version "1.0.0" | beta |
Affected
| ||||||
| Memcachedb Search vendor "Memcachedb" | Memcached Search vendor "Memcachedb" for product "Memcached" | 1.0.1 Search vendor "Memcachedb" for product "Memcached" and version "1.0.1" | beta |
Affected
| ||||||
| Memcachedb Search vendor "Memcachedb" | Memcached Search vendor "Memcachedb" for product "Memcached" | 1.0.2 Search vendor "Memcachedb" for product "Memcached" and version "1.0.2" | beta |
Affected
| ||||||
| Memcachedb Search vendor "Memcachedb" | Memcached Search vendor "Memcachedb" for product "Memcached" | 1.0.3 Search vendor "Memcachedb" for product "Memcached" and version "1.0.3" | - |
Affected
| ||||||
| Memcachedb Search vendor "Memcachedb" | Memcached Search vendor "Memcachedb" for product "Memcached" | 1.0.4 Search vendor "Memcachedb" for product "Memcached" and version "1.0.4" | - |
Affected
| ||||||
| Memcachedb Search vendor "Memcachedb" | Memcached Search vendor "Memcachedb" for product "Memcached" | 1.1.0 Search vendor "Memcachedb" for product "Memcached" and version "1.1.0" | beta |
Affected
| ||||||
| Memcachedb Search vendor "Memcachedb" | Memcached Search vendor "Memcachedb" for product "Memcached" | 1.2.0 Search vendor "Memcachedb" for product "Memcached" and version "1.2.0" | beta |
Affected
| ||||||
| Memcachedb Search vendor "Memcachedb" | Memcached Search vendor "Memcachedb" for product "Memcached" | 1.2.1 Search vendor "Memcachedb" for product "Memcached" and version "1.2.1" | beta |
Affected
| ||||||