Date:      Mon, 4 May 2009 14:08:15 GMT
From:      Mark Foster <mark@foster.cc>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/134206: vuxml submission for databases/memcached
Message-ID:  <200905041408.n44E8Fj5062171@www.freebsd.org>
Resent-Message-ID: <200905041410.n44EA1ux047088@freefall.freebsd.org>


>Number:         134206
>Category:       ports
>Synopsis:       vuxml submission for databases/memcached
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Mon May 04 14:10:00 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Mark Foster
>Release:        7.1 RELEASE
>Organization:
Credentia
>Environment:
>Description:
Vulnerability announced in memcached. Port is already at 1.2.8, which is not vulnerable, so this vuxml is for the laggers.
>How-To-Repeat:

>Fix:
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
   <vuln vid="db026d59-05d0-4544-8cd2-f2a9ab37ce26">
     <topic>memcached -- memcached stats maps Information Disclosure Weakness</topic>
     <affects>
       <package>
         <name>memcached</name>
         <range><lt>1.2.8</lt></range>
       </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
         <p>Secunia reports:</p>
         <blockquote cite="http://secunia.com/advisories/34915/">
           <p>A weakness has been reported in memcached which can be exploited by malicious people to disclose system information.</p>
           <p>The weakness is caused due to the application disclosing the content of /proc/self/maps if a stats maps command is received. This can be exploited to disclose e.g. the addresses of allocated memory regions.</p>
           <p>The weakness is reported in version 1.2.7. Prior versions may also be affected.</p>
         </blockquote>
       </body>
     </description>
     <references>
      <url>http://secunia.com/advisories/34915/</url>
     </references>
     <dates>
       <discovery>2009-04-29</discovery>
       <entry>2009-05-04</entry>
     </dates>
   </vuln>
</vuxml>
>Release-Note:
>Audit-Trail:
>Unformatted:


