Security Memcached : UDP server support allows spoofed traffic amplification DoS
Bug #1753425 reported by
Kevin Tibi
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| kolla-ansible |
Fix Released
|
Critical
|
Unassigned | ||
| Ocata |
Fix Released
|
Critical
|
Unassigned | ||
| Pike |
Fix Released
|
Critical
|
Unassigned | ||
| Queens |
Fix Released
|
Critical
|
Unassigned | ||
Bug Description
memcached supports TCP and UDP servers, when the UDP server is enabled, and the configuration does not specify localhost or 127.0.0.1, and the server does not firewall the memcached port (11211 by default) can be exploited for network traffic amplification attacks by spoofed UDP packets.
CVE-2018-1000115
https:/
We need to disable UDP on memcached.
| description: | updated |
| description: | updated |
| Changed in kolla-ansible: | |
| importance: | Undecided → Critical |
| Changed in kolla-ansible: | |
| assignee: | nobody → Chason Chan (chen-xing) |
| Changed in kolla-ansible: | |
| assignee: | Chason Chan (chen-xing) → nobody |
Revision history for this message
| Jeffrey Zhang (jeffrey4l) wrote | #1 |
| Changed in kolla-ansible: | |
| status: | New → Fix Committed |
| status: | Fix Committed → Fix Released |
| information type: | Private Security → Public Security |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix included in openstack/kolla-ansible 7.0.0.0b2 | #2 |
To post a comment you must log in.
This is already fixed by https:/