CVE-2013-7239
Gentoo Linux Security Advisory 201406-13
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials.
memcached anterior 1.4.17 permite a atacantes remotos evadir la autenticación mediante el envío de una petición inválida con credenciales SASL, luego enviar otra petición con credenciales SASL incorrectas.
Stefan Bucur discovered that Memcached incorrectly handled certain large body lengths. A remote attacker could use this issue to cause Memcached to crash, resulting in a denial of service. Jeremy Sowden discovered that Memcached incorrectly handled logging certain details when the -vv option was used. An attacker could use this issue to cause Memcached to crash, resulting in a denial of service. It was discovered that Memcached incorrectly handled SASL authentication. A remote attacker could use this issue to bypass SASL authentication completely. This issue only affected Ubuntu 12.10, Ubuntu 13.04 and Ubuntu 13.10. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-12-30 CVE Reserved
- 2014-01-03 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
http://seclists.org/oss-sec/2013/q4/572 | Mailing List |
|
http://www.securityfocus.com/bid/64559 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://code.google.com/p/memcached/wiki/ReleaseNotes1417 | 2018-03-25 |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/56183 | 2018-03-25 | |
http://www.debian.org/security/2014/dsa-2832 | 2018-03-25 | |
http://www.ubuntu.com/usn/USN-2080-1 | 2018-03-25 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Memcached Search vendor "Memcached" | Memcached Search vendor "Memcached" for product "Memcached" | <= 1.4.16 Search vendor "Memcached" for product "Memcached" and version " <= 1.4.16" | - |
Affected
| ||||||
Memcached Search vendor "Memcached" | Memcached Search vendor "Memcached" for product "Memcached" | 1.4.0 Search vendor "Memcached" for product "Memcached" and version "1.4.0" | - |
Affected
| ||||||
Memcached Search vendor "Memcached" | Memcached Search vendor "Memcached" for product "Memcached" | 1.4.1 Search vendor "Memcached" for product "Memcached" and version "1.4.1" | - |
Affected
| ||||||
Memcached Search vendor "Memcached" | Memcached Search vendor "Memcached" for product "Memcached" | 1.4.2 Search vendor "Memcached" for product "Memcached" and version "1.4.2" | - |
Affected
| ||||||
Memcached Search vendor "Memcached" | Memcached Search vendor "Memcached" for product "Memcached" | 1.4.3 Search vendor "Memcached" for product "Memcached" and version "1.4.3" | - |
Affected
| ||||||
Memcached Search vendor "Memcached" | Memcached Search vendor "Memcached" for product "Memcached" | 1.4.4 Search vendor "Memcached" for product "Memcached" and version "1.4.4" | - |
Affected
| ||||||
Memcached Search vendor "Memcached" | Memcached Search vendor "Memcached" for product "Memcached" | 1.4.5 Search vendor "Memcached" for product "Memcached" and version "1.4.5" | - |
Affected
| ||||||
Memcached Search vendor "Memcached" | Memcached Search vendor "Memcached" for product "Memcached" | 1.4.6 Search vendor "Memcached" for product "Memcached" and version "1.4.6" | - |
Affected
| ||||||
Memcached Search vendor "Memcached" | Memcached Search vendor "Memcached" for product "Memcached" | 1.4.7 Search vendor "Memcached" for product "Memcached" and version "1.4.7" | - |
Affected
| ||||||
Memcached Search vendor "Memcached" | Memcached Search vendor "Memcached" for product "Memcached" | 1.4.8 Search vendor "Memcached" for product "Memcached" and version "1.4.8" | - |
Affected
| ||||||
Memcached Search vendor "Memcached" | Memcached Search vendor "Memcached" for product "Memcached" | 1.4.9 Search vendor "Memcached" for product "Memcached" and version "1.4.9" | - |
Affected
| ||||||
Memcached Search vendor "Memcached" | Memcached Search vendor "Memcached" for product "Memcached" | 1.4.10 Search vendor "Memcached" for product "Memcached" and version "1.4.10" | - |
Affected
| ||||||
Memcached Search vendor "Memcached" | Memcached Search vendor "Memcached" for product "Memcached" | 1.4.11 Search vendor "Memcached" for product "Memcached" and version "1.4.11" | - |
Affected
| ||||||
Memcached Search vendor "Memcached" | Memcached Search vendor "Memcached" for product "Memcached" | 1.4.12 Search vendor "Memcached" for product "Memcached" and version "1.4.12" | - |
Affected
| ||||||
Memcached Search vendor "Memcached" | Memcached Search vendor "Memcached" for product "Memcached" | 1.4.13 Search vendor "Memcached" for product "Memcached" and version "1.4.13" | - |
Affected
| ||||||
Memcached Search vendor "Memcached" | Memcached Search vendor "Memcached" for product "Memcached" | 1.4.14 Search vendor "Memcached" for product "Memcached" and version "1.4.14" | - |
Affected
| ||||||
Memcached Search vendor "Memcached" | Memcached Search vendor "Memcached" for product "Memcached" | 1.4.15 Search vendor "Memcached" for product "Memcached" and version "1.4.15" | - |
Affected
|