FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

memcached -- memcached stats maps Information Disclosure Weakness

Affected packages
memcached < 1.2.8

Details

VuXML ID 86ada694-8b30-11de-b9d0-000c6e274733
Discovery 2009-04-29
Entry 2009-08-17

Secunia reports:

A weakness has been reported in memcached, which can be exploited by malicious people to disclose system information.

The weakness is caused due to the application disclosing the content of /proc/self/maps if a stats maps command is received. This can be exploited to disclose e.g. the addresses of allocated memory regions.

References

CVE Name CVE-2009-1255
URL http://secunia.com/advisories/34915/