Exploit the possiblities

Debian Linux Security Advisory 1853-1

Debian Linux Security Advisory 1853-1
Posted Aug 10, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1853-1 - Ronald Volgers discovered that memcached, a high-performance memory object caching system, is vulnerable to several heap-based buffer overflows due to integer conversions when parsing certain length attributes. An attacker can use this to execute arbitrary code on the system running memcached (on etch with root privileges).

tags | advisory, overflow, arbitrary, root
systems | linux, debian
advisories | CVE-2009-2415
MD5 | ace69dee2688059a53d61708b380ae99

Debian Linux Security Advisory 1853-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA-1853-1 security@debian.org
http://www.debian.org/security/ Nico Golde
August 7th, 2009 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : memcached
Vulnerability : heap-based buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2009-2415

Ronald Volgers discovered that memcached, a high-performance memory object
caching system, is vulnerable to several heap-based buffer overflows due
to integer conversions when parsing certain length attributes. An
attacker can use this to execute arbitrary code on the system running
memcached (on etch with root privileges).


For the oldstable distribution (etch), this problem has been fixed in
version 1.1.12-1+etch1.

For the stable distribution (lenny), this problem has been fixed in
version 1.2.2-1+lenny1.

For the testing (squeeze) and unstable (sid) distribution , this problem
will be fixed soon.


We recommend that you upgrade your memcached packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1.dsc
Size/MD5 checksum: 606 9a63482efb7bfb3191151a0b10b35555
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12.orig.tar.gz
Size/MD5 checksum: 114103 a1236dad33e9ac6c36d53faa8da61780
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1.diff.gz
Size/MD5 checksum: 5036 ed868d7fe781857da5521be8e7990dcf

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_alpha.deb
Size/MD5 checksum: 37136 12da02a8e31acb33ca3fd15ed3753d3d

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_amd64.deb
Size/MD5 checksum: 35120 22ca27f910d20339f8c8eebf86a2993c

arm architecture (ARM)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_arm.deb
Size/MD5 checksum: 34078 2ef29a9d59010d5bd632b77c5b3cb19e

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_hppa.deb
Size/MD5 checksum: 36180 e7f189a8888aabd4098d08ea45d968df

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_i386.deb
Size/MD5 checksum: 33578 92577cf894c3cb5ea31c5afe46ea29e1

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_ia64.deb
Size/MD5 checksum: 42662 f32d322349e596606f256680b8f4df77

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_mips.deb
Size/MD5 checksum: 36228 7f3ea92644ea51084d7c0fdb0fd2c058

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_mipsel.deb
Size/MD5 checksum: 36250 a3b97ae608eddf08378fe497f3a2077c

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_powerpc.deb
Size/MD5 checksum: 36314 0bc6427cdfb2ebb3a468bb50169c255a

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_s390.deb
Size/MD5 checksum: 35380 c9b8cb353dd7cc6230fb6feac27f5802

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_sparc.deb
Size/MD5 checksum: 33348 1230f81f8c821e829fcdc59ce2b4841b


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1.dsc
Size/MD5 checksum: 1003 e2c6982872f043ecaa826889bddbffa7
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2.orig.tar.gz
Size/MD5 checksum: 166201 a08851f7fa7b15e92ee6320b7a79c321
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1.diff.gz
Size/MD5 checksum: 4624 54f919c679fbb376f2883819e3d67ada

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_alpha.deb
Size/MD5 checksum: 50870 fad5be29b7231adc04161fea3557046a

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_amd64.deb
Size/MD5 checksum: 47416 4b488a56ddddc43037f8788a3af944de

arm architecture (ARM)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_arm.deb
Size/MD5 checksum: 45876 ee8373eb90be8d4c7ab96be7075330ec

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_armel.deb
Size/MD5 checksum: 47516 c73b57ac18a20dbad1b58887ae598c49

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_hppa.deb
Size/MD5 checksum: 47974 3fbd7a57bf48a6decda69b0fdc81ccfc

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_i386.deb
Size/MD5 checksum: 45042 a1f4534c8649d73e55a31d043133e23c

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_ia64.deb
Size/MD5 checksum: 59314 feb4dd69d62a290921fc1205ed10a6f0

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_mips.deb
Size/MD5 checksum: 47760 a94db07e8fbcd0d2124b32ab22fb448f

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_mipsel.deb
Size/MD5 checksum: 48264 fbe37552809c4c85e87b74df0c1a2628

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_powerpc.deb
Size/MD5 checksum: 50058 2b1acee838d74e7f99d7a07b0442beba

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_s390.deb
Size/MD5 checksum: 47950 fd34aa8828a11fa62ce68898b3f257e5

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_sparc.deb
Size/MD5 checksum: 45460 23e259ea06101d22d14b725fea3b3b39


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkp8SUwACgkQHYflSXNkfP/JdACcDT2MvR9+ehWdCnW74hUqM5u+
K1sAn2jeynQj/niSJQS8f0956oHajrPx
=tcXU
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    15 Files
  • 17
    Jan 17th
    16 Files
  • 18
    Jan 18th
    24 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    5 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close