CVE-2009-1255
Published Apr 30, 2009
Last updated 6 years ago
Overview
- Description
- The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats maps command and (b) memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain sensitive information such as the locations of memory regions, and defeat ASLR protection, by sending a command to the daemon's TCP port.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:memcachedb:memcached:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "82B62E56-CCC2-4239-8B5C-81FF1D6BF32F",
"versionEndIncluding": "1.2.0"
},
{
"criteria": "cpe:2.3:a:memcachedb:memcached:0.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5F664659-721C-4387-A06C-AD30DD9AF762"
},
{
"criteria": "cpe:2.3:a:memcachedb:memcached:0.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "18A83632-06E4-4978-909A-5E145F7A654F"
},
{
"criteria": "cpe:2.3:a:memcachedb:memcached:0.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9A511459-F98A-4192-8E79-24766D296A47"
},
{
"criteria": "cpe:2.3:a:memcachedb:memcached:0.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8DC3886A-4C1B-49B9-A334-E9A1C8CA5309"
},
{
"criteria": "cpe:2.3:a:memcachedb:memcached:0.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AD764B57-6985-4DD2-BA3C-09912715A56A"
},
{
"criteria": "cpe:2.3:a:memcachedb:memcached:0.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E433DCE9-8C2E-47AC-907E-8306D322D0A6"
},
{
"criteria": "cpe:2.3:a:memcachedb:memcached:1.0.0:beta:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8164AFC1-6320-44C1-8872-9C26A5E1C173"
},
{
"criteria": "cpe:2.3:a:memcachedb:memcached:1.0.1:beta:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6397D3FD-EF1F-4B0C-BA6C-26131820A653"
},
{
"criteria": "cpe:2.3:a:memcachedb:memcached:1.0.2:beta:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2616A383-92BE-4FD2-8A62-8A2CF1F69830"
},
{
"criteria": "cpe:2.3:a:memcachedb:memcached:1.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F500EE98-0AAA-4C9E-91DF-313E6812CC50"
},
{
"criteria": "cpe:2.3:a:memcachedb:memcached:1.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DF0C217E-B2E4-472A-AE6A-C95D73C8FE4D"
},
{
"criteria": "cpe:2.3:a:memcachedb:memcached:1.1.0:beta:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "07FCB8CB-1434-4486-858D-BC509246231D"
},
{
"criteria": "cpe:2.3:a:memcachedb:memcached:1.2.0:beta:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6BE87DDD-FF8E-47B2-A30B-7C32ADA6C02A"
},
{
"criteria": "cpe:2.3:a:memcachedb:memcached:1.2.1:beta:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A76FC002-9B7C-4F3D-A2E7-E416CD6C6336"
}
],
"operator": "OR"
}
]
}
]