内容简介:Hi, Memcached team,Recently, I revealed a buffer overflow vulnerability which may cause DOS attack. The exploit details can be found as following.memcached-1.6.0
Hi, Memcached team,
Recently, I revealed a buffer overflow vulnerability which may cause DOS attack. The exploit details can be found as following.
Affect Version
memcached-1.6.0
memcached-1.6.1
Root cause
file location: memcached.c:6156-6187
Code Audit
6178 char extbuf[sizeof(c->binary_header) + BIN_MAX_EXTLEN]; 6179 memcpy(extbuf + sizeof(c->binary_header), c->rcurr + sizeof(c->binary_header), **extlen**);
in line 6179, since there is no mechanism to verify the parameter's length, in this case, the length of " extlen " when calling memcpy function, It will cause buffer overflow if large value assigned to the extlen variable.
POC
0x80 0x01 [0x00 0x00] keylen [0x30] extlen 0x00 0x00 x00
for the POC snippet, first, if I assign a large value to the variable extlen , on the other hand, in order to bypass the validation of data packet which sent in following code snippet,
6156 if (c->rbytes < keylen + extlen + sizeof(c->binary_header))
we can construct a very large data packet and send it to the server running memcached 1.6.0 or 1.6.1 anonymously. After that, the program will crash because of the issue mentioned above.
Note: Please confirm this issue ASAP. Besides, just letting you know, I am gonna submit this issue to CVE mitre.
Please let me if you have any questions.
Sincerely,
Icejl
以上就是本文的全部内容,希望本文的内容对大家的学习或者工作能带来一定的帮助,也希望大家多多支持 码农网
猜你喜欢:
本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
Spark技术内幕
张安站 / 机械工业出版社 / 2015-9-1
Spark是不断壮大的大数据分析解决方案家族中备受关注的新增成员。它不仅为分布式数据集的处理提供一个有效框架,而且以高效的方式处理分布式数据集。它支持实时处理、流处理和批处理,提供了AllinOne的统一解决方案,使得Spark极具竞争力。 本书以源码为基础,深入分析Spark内核的设计理念和架构实现,系统讲解各个核心模块的实现,为性能调优、二次开发和系统运维提供理论支持;本文最后以项目实战......一起来看看 《Spark技术内幕》 这本书的介绍吧!
