CVE-2009-1255
MemcacheDB < 1.2.0 - Unauthenticated Sensitive Information Exposure via Stats Commands
Title source: llmDescription
The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats maps command and (b) memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain sensitive information such as the locations of memory regions, and defeat ASLR protection, by sending a command to the daemon's TCP port.
References (19)
Core 19
Core References
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01256.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50221
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:105
Exploit x_refsource_misc
http://www.positronsecurity.com/advisories/2009-001.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022140
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00851.html
Exploit, Patch x_refsource_confirm
http://code.google.com/p/memcachedb/source/diff?spec=svn98&r=98&format=side&path=/trunk/memcachedb.c
Third Party Advisory mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0282.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/503064/100/0/threaded
Mailing List x_refsource_confirm
http://groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35175
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/54127
Issue Tracking x_refsource_confirm
http://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98&r=98
Issue Tracking x_refsource_confirm
http://code.google.com/p/memcachedb/source/detail?r=98
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/34756
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1196
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34932
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34915
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1197
Scores
EPSS
0.0225
EPSS Percentile
80.8%
Details
CWE
CWE-200
Status
published
Products (15)
memcachedb/memcached
0.0.1
memcachedb/memcached
0.0.2
memcachedb/memcached
0.0.3
memcachedb/memcached
0.0.4
memcachedb/memcached
0.1.0
memcachedb/memcached
0.1.1
memcachedb/memcached
1.0.0 beta
memcachedb/memcached
1.0.1 beta
memcachedb/memcached
1.0.2 beta
memcachedb/memcached
1.0.3
... and 5 more
Published
Apr 30, 2009
Tracked Since
Feb 18, 2026