exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Linux Security Advisory 1853-1

Debian Linux Security Advisory 1853-1
Posted Aug 10, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1853-1 - Ronald Volgers discovered that memcached, a high-performance memory object caching system, is vulnerable to several heap-based buffer overflows due to integer conversions when parsing certain length attributes. An attacker can use this to execute arbitrary code on the system running memcached (on etch with root privileges).

tags | advisory, overflow, arbitrary, root
systems | linux, debian
advisories | CVE-2009-2415
SHA-256 | f71cf554ce3885432ea696405897c37491e96e62aac0cdc2acb222f696e060be

Debian Linux Security Advisory 1853-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA-1853-1 security@debian.org
http://www.debian.org/security/ Nico Golde
August 7th, 2009 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : memcached
Vulnerability : heap-based buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2009-2415

Ronald Volgers discovered that memcached, a high-performance memory object
caching system, is vulnerable to several heap-based buffer overflows due
to integer conversions when parsing certain length attributes. An
attacker can use this to execute arbitrary code on the system running
memcached (on etch with root privileges).


For the oldstable distribution (etch), this problem has been fixed in
version 1.1.12-1+etch1.

For the stable distribution (lenny), this problem has been fixed in
version 1.2.2-1+lenny1.

For the testing (squeeze) and unstable (sid) distribution , this problem
will be fixed soon.


We recommend that you upgrade your memcached packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1.dsc
Size/MD5 checksum: 606 9a63482efb7bfb3191151a0b10b35555
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12.orig.tar.gz
Size/MD5 checksum: 114103 a1236dad33e9ac6c36d53faa8da61780
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1.diff.gz
Size/MD5 checksum: 5036 ed868d7fe781857da5521be8e7990dcf

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_alpha.deb
Size/MD5 checksum: 37136 12da02a8e31acb33ca3fd15ed3753d3d

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_amd64.deb
Size/MD5 checksum: 35120 22ca27f910d20339f8c8eebf86a2993c

arm architecture (ARM)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_arm.deb
Size/MD5 checksum: 34078 2ef29a9d59010d5bd632b77c5b3cb19e

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_hppa.deb
Size/MD5 checksum: 36180 e7f189a8888aabd4098d08ea45d968df

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_i386.deb
Size/MD5 checksum: 33578 92577cf894c3cb5ea31c5afe46ea29e1

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_ia64.deb
Size/MD5 checksum: 42662 f32d322349e596606f256680b8f4df77

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_mips.deb
Size/MD5 checksum: 36228 7f3ea92644ea51084d7c0fdb0fd2c058

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_mipsel.deb
Size/MD5 checksum: 36250 a3b97ae608eddf08378fe497f3a2077c

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_powerpc.deb
Size/MD5 checksum: 36314 0bc6427cdfb2ebb3a468bb50169c255a

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_s390.deb
Size/MD5 checksum: 35380 c9b8cb353dd7cc6230fb6feac27f5802

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_sparc.deb
Size/MD5 checksum: 33348 1230f81f8c821e829fcdc59ce2b4841b


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1.dsc
Size/MD5 checksum: 1003 e2c6982872f043ecaa826889bddbffa7
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2.orig.tar.gz
Size/MD5 checksum: 166201 a08851f7fa7b15e92ee6320b7a79c321
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1.diff.gz
Size/MD5 checksum: 4624 54f919c679fbb376f2883819e3d67ada

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_alpha.deb
Size/MD5 checksum: 50870 fad5be29b7231adc04161fea3557046a

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_amd64.deb
Size/MD5 checksum: 47416 4b488a56ddddc43037f8788a3af944de

arm architecture (ARM)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_arm.deb
Size/MD5 checksum: 45876 ee8373eb90be8d4c7ab96be7075330ec

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_armel.deb
Size/MD5 checksum: 47516 c73b57ac18a20dbad1b58887ae598c49

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_hppa.deb
Size/MD5 checksum: 47974 3fbd7a57bf48a6decda69b0fdc81ccfc

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_i386.deb
Size/MD5 checksum: 45042 a1f4534c8649d73e55a31d043133e23c

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_ia64.deb
Size/MD5 checksum: 59314 feb4dd69d62a290921fc1205ed10a6f0

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_mips.deb
Size/MD5 checksum: 47760 a94db07e8fbcd0d2124b32ab22fb448f

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_mipsel.deb
Size/MD5 checksum: 48264 fbe37552809c4c85e87b74df0c1a2628

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_powerpc.deb
Size/MD5 checksum: 50058 2b1acee838d74e7f99d7a07b0442beba

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_s390.deb
Size/MD5 checksum: 47950 fd34aa8828a11fa62ce68898b3f257e5

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_sparc.deb
Size/MD5 checksum: 45460 23e259ea06101d22d14b725fea3b3b39


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkp8SUwACgkQHYflSXNkfP/JdACcDT2MvR9+ehWdCnW74hUqM5u+
K1sAn2jeynQj/niSJQS8f0956oHajrPx
=tcXU
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close