Bug 19916 - Memcached ASLR Information Disclosure Weakness (CVE-2009-1255)
Summary: Memcached ASLR Information Disclosure Weakness (CVE-2009-1255)
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: memcached (show other bugs)
Version: unstable
Hardware: all Linux
: P3 blocker
Assignee: Alexey Shabalin
QA Contact: qa-sisyphus
URL: http://www.securityfocus.com/bid/3475...
Keywords: security
Depends on:
Blocks:
 
Reported: 2009-05-04 22:59 MSD by Vladimir Lettiev
Modified: 2009-05-25 20:17 MSD (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Vladimir Lettiev 2009-05-04 22:59:30 MSD 
В Memcached обнаружена уязвимость, приводящая к утечке информации из /proc/self/maps, что может позволить атакующему преодолеть защиту ASLR (Address Space Layout Randomization), выявить адрес загрузки системных библиотек, что может быть использовано для проведения других видов атак.
Исправление доступно в версии 1.2.8
Comment 1 Repository Robot 2009-05-05 09:15:58 MSD 
memcached-1.2.8-alt1 -> sisyphus:

* Tue May 05 2009 Denis Klimov <zver@altlinux> 1.2.8-alt1

- new version
- critial bug fix leak memory from /proc/self/maps (ALT #19916)
- remove packager tag
- not package needless scripts
Comment 2 Vladimir Lettiev 2009-05-10 08:37:48 MSD 
ok
Comment 3 Vladimir Lettiev 2009-05-25 20:17:33 MSD 
closed