Comment 9 for bug 1006414

Thomas Biege (thomas-suse-deactivatedaccount) wrote :

I can agree with the reduced severity due to the attack vector and the additional steps needed.
I wish I could agree to the conclusion that this is not a vulnerability. It is a privilege escalation; an abuse is possible that crosses privilege boundaries to execute system commands.

The open question for me is only the level of impact. How likely is it to gain access to the internal network for an external attacker or an untrusted customer/user using a VM instance? What I heard from Sebastian is that it is really hard to separate the network if the attacker is an untrusted customer using a VM to execute network-level attacks.
Additionally, Sebastian mentioned some ideas about alternative attack vectors in comment #2.
Sebastian, did you try to follow these ideas?
I also would not trust the authenticated user because OpenStack, by default, supports only password-based authentication and is at least vulnerable to brute force attacks.
So, for me it is a vulnerability with a yet unknown impact level.

The attack could be mitigated using authentication for memcached.

http://code.google.com/p/memcached/wiki/SASLAuthProtocol
http://dustin.github.com/2010/08/08/memcached-security.html
http://www.sensepost.com/blog/4873.html