Remote buffer overflow DOS 0-day in Memcached 1.6.0 and 1.6.1 (latest)

Category: IT Technology · Published: 4 years ago

Hi, Memcached team,

Recently, I revealed a buffer overflow vulnerability which may cause a DoS attack. The exploit details are as follows.

Affected Versions

memcached-1.6.0

memcached-1.6.1

Root cause

file location: memcached.c:6156-6187

Code Audit

6178   char extbuf[sizeof(c->binary_header) + BIN_MAX_EXTLEN];
6179   memcpy(extbuf + sizeof(c->binary_header), c->rcurr + sizeof(c->binary_header), extlen);

In line 6179, since there is no mechanism to verify the parameter's length (in this case, the length of "extlen") when calling the memcpy function, it will cause a buffer overflow if a large value is assigned to the extlen variable.

POC

0x80 0x01 [0x00 0x00] keylen

[0x30] extlen 0x00 0x00 0x00

For the POC snippet: first, I assign a large value to the variable extlen; on the other hand, in order to bypass the validation of the data packet in the following code snippet,

6156 if (c->rbytes < keylen + extlen + sizeof(c->binary_header))

we can construct a very large data packet and send it to the server running memcached 1.6.0 or 1.6.1 anonymously. After that, the program will crash because of the issue mentioned above.

Note: Please confirm this issue ASAP. Besides, just letting you know, I am gonna submit this issue to CVE mitre.

Please let me know if you have any questions.

Sincerely,

Icejl
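
An added example, not part of the original report or the memcached source: one way to bound the copy described at line 6179 is to check extlen against the destination buffer size before calling memcpy, in addition to the received-bytes check at line 6156. HDR_LEN, MAX_EXTLEN (an assumed stand-in for BIN_MAX_EXTLEN, with the value 20 assumed), copy_header_and_extras and check_sample are names chosen for this example, and the sample requests are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN    24   /* binary protocol request header is 24 bytes */
#define MAX_EXTLEN 20   /* assumed stand-in for BIN_MAX_EXTLEN */

enum { COPY_OK = 0, COPY_NEED_MORE = 1, COPY_REJECT = -1 };

/* Copy header + extras into out, which has the same shape as extbuf. */
int copy_header_and_extras(const uint8_t *rcurr, size_t rbytes,
                           uint8_t out[HDR_LEN + MAX_EXTLEN], size_t *copied)
{
    if (rbytes < HDR_LEN)
        return COPY_NEED_MORE;
    uint16_t keylen = (uint16_t)((rcurr[2] << 8) | rcurr[3]); /* big-endian */
    uint8_t  extlen = rcurr[4];

    /* Bound extlen by the destination size, not by how much data arrived. */
    if (extlen > MAX_EXTLEN)
        return COPY_REJECT;
    /* Same shape as the check at line 6156: is the whole request buffered? */
    if (rbytes < (size_t)keylen + extlen + HDR_LEN)
        return COPY_NEED_MORE;

    memcpy(out, rcurr, HDR_LEN);
    memcpy(out + HDR_LEN, rcurr + HDR_LEN, extlen);
    *copied = (size_t)HDR_LEN + extlen;
    return COPY_OK;
}

/* Build a constructed request (magic 0x80, opcode 0x01, keylen 0) and classify it. */
int check_sample(uint8_t extlen, size_t rbytes)
{
    uint8_t req[256] = {0};
    uint8_t out[HDR_LEN + MAX_EXTLEN];
    size_t copied = 0;
    if (rbytes > sizeof(req))
        rbytes = sizeof(req);
    req[0] = 0x80; req[1] = 0x01; req[4] = extlen;
    return copy_header_and_extras(req, rbytes, out, &copied);
}

int main(void)
{
    printf("extlen=0x08 rbytes=32  -> %d\n", check_sample(0x08, 32));
    printf("extlen=0x30 rbytes=200 -> %d\n", check_sample(0x30, 200));
    return 0;
}
```

A request with extlen 0x30 is rejected even when enough bytes have arrived to satisfy the line 6156 style check, because that check alone says nothing about the size of the destination buffer.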

