CVE-2009-1255

MemcacheDB < 1.2.0 - Unauthenticated Sensitive Information Exposure via Stats Commands

Title source: llm
STIX 2.1

Description

The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats maps command and (b) memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain sensitive information such as the locations of memory regions, and defeat ASLR protection, by sending a command to the daemon's TCP port.

References (19)

Core 19
Core References
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01256.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50221
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:105
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1022140
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00851.html
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0282.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/503064/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35175
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/54127
Issue Tracking x_refsource_confirm
http://code.google.com/p/memcachedb/source/detail?r=98
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34756
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1196
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34932
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34915
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1197

Scores

EPSS 0.0225
EPSS Percentile 80.8%

Details

CWE
CWE-200
Status published
Products (15)
memcachedb/memcached 0.0.1
memcachedb/memcached 0.0.2
memcachedb/memcached 0.0.3
memcachedb/memcached 0.0.4
memcachedb/memcached 0.1.0
memcachedb/memcached 0.1.1
memcachedb/memcached 1.0.0 beta
memcachedb/memcached 1.0.1 beta
memcachedb/memcached 1.0.2 beta
memcachedb/memcached 1.0.3
... and 5 more
Published Apr 30, 2009
Tracked Since Feb 18, 2026