CVE-2009-1255

Name of the Vulnerable Software and Affected Versions Memcached versions prior to 1.2.8 MemcacheDB version 1.2.0

Description The issue allows remote attackers to obtain sensitive information, such as the locations of memory regions, by sending a command to the daemon's TCP port. This can defeat ASLR protection. The process stat function discloses the contents of /proc/self/maps in response to a stats maps command and memory-allocation statistics in response to a stats malloc command.

Recommendations For Memcached versions prior to 1.2.8, update to version 1.2.8 or later to resolve the issue. For MemcacheDB version 1.2.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the stats maps and stats malloc commands to minimize the risk of exploitation.