CVE-2013-7239
Published: 1 January 2014
memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials.
Notes
Author | Note |
---|---|
mdeslaur | precise isn't built with sasl support |
Priority
Status
Package | Release | Status |
---|---|---|
memcached Launchpad, Ubuntu, Debian |
lucid |
Ignored
(reached end-of-life)
|
precise |
Not vulnerable
(vulnerable code not compiled)
|
|
quantal |
Released
(1.4.14-0ubuntu1.12.10.1)
|
|
raring |
Released
(1.4.14-0ubuntu1.13.04.1)
|
|
saucy |
Released
(1.4.14-0ubuntu4.1)
|
|
upstream |
Released
(1.4.17,1.4.13-0.3)
|
|
Patches: upstream: https://github.com/memcached/memcached/commit/87c1cf0f20be20608d3becf854e9cf0910f4ad32 |