Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2009-1494

Published: 30 April 2009

The process_stat function in Memcached 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending this command to the daemon's TCP port.

Notes

Author	Note
jdstrand	should not be a real issue before 1.2.8

Priority

Status

Package	Release	Status
memcached Launchpad, Ubuntu, Debian	dapper	Ignored
	hardy	Ignored
	intrepid	Ignored
	jaunty	Ignored
	karmic	Not vulnerable (1.2.8-1)
	upstream	Released (1.2.8-1)
	Patches: upstream: http://code.google.com/p/memcachedb/source/detail?r=98

References

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526554

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading