Security Memcached : UDP server support allows spoofed traffic amplification DoS
Bug #1753425 reported by
Kevin Tibi
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
kolla-ansible |
Fix Released
|
Critical
|
Unassigned | ||
Ocata |
Fix Released
|
Critical
|
Unassigned | ||
Pike |
Fix Released
|
Critical
|
Unassigned | ||
Queens |
Fix Released
|
Critical
|
Unassigned |
Bug Description
memcached supports TCP and UDP servers, when the UDP server is enabled, and the configuration does not specify localhost or 127.0.0.1, and the server does not firewall the memcached port (11211 by default) can be exploited for network traffic amplification attacks by spoofed UDP packets.
CVE-2018-1000115
https:/
We need to disable UDP on memcached.
description: | updated |
description: | updated |
Changed in kolla-ansible: | |
importance: | Undecided → Critical |
Changed in kolla-ansible: | |
assignee: | nobody → Chason Chan (chen-xing) |
Changed in kolla-ansible: | |
assignee: | Chason Chan (chen-xing) → nobody |
To post a comment you must log in.
This is already fixed by https:/ /review. openstack. org/#/q/ I30acb41f1209c0 d07eb58f4feec91 bc53146dcea