CVE-2013-7239
Published: 1 January 2014
memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials.
Notes
| Author | Note |
|---|---|
| mdeslaur | precise isn't built with sasl support |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
memcached Launchpad, Ubuntu, Debian |
lucid |
Ignored
(reached end-of-life)
|
| precise |
Not vulnerable
(vulnerable code not compiled)
|
|
| quantal |
Released
(1.4.14-0ubuntu1.12.10.1)
|
|
| raring |
Released
(1.4.14-0ubuntu1.13.04.1)
|
|
| saucy |
Released
(1.4.14-0ubuntu4.1)
|
|
| upstream |
Released
(1.4.17,1.4.13-0.3)
|
|
|
Patches: upstream: https://github.com/memcached/memcached/commit/87c1cf0f20be20608d3becf854e9cf0910f4ad32 |
||