PT-2018-9294 · Memcached+3 · Memcached+3

037

Publicado

2018-03-04

Atualizado

2024-06-15

CVE-2018-1000115

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Memcached version 1.5.5

Description: The issue is related to an Insufficient Control of Network Message Volume in the UDP support of the memcached server, which can result in denial of service via network flood. The traffic amplification ratio is reported to be 1:50,000. This can be exploited via network connectivity to port 11211 UDP.

Recommendations: For Memcached version 1.5.5, update to version 1.5.6, which fixes the issue by disabling the UDP protocol by default.

Exploit

Correção

DoS

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400

Identificadores relacionados

ALT-PU-2018-1347

ALT-PU-2018-2764

CVE-2018-1000115

DSA-4218-1

MGASA-2018-0165

OPENSUSE-SU-2024:11045-1

RHSA-2018:1593

RHSA-2018:1627

RHSA-2018:2331

RHSA-2018:2857

SUSE-RU-2018:1071-1

SUSE-RU-2020:2072-1

SUSE-SU-2018:0955-1

SUSE-SU-2018:1103-1

SUSE-SU-2018:1326-1

SUSE-SU-2018_0955-1

SUSE-SU-2018_1326-1

USN-3588-1

Produtos afetados

Alt Linux

Memcached

Suse

Ubuntu

PT-2018-9294 · Memcached+3 · Memcached+3

CVE-2018-1000115

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 127