Piping null to the server will crash it

Bug #558328 reported by Thierry Carrez on 2010-04-08
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
memcached (Ubuntu) | | Medium | Unassigned |
Lucid | | Medium | Unassigned |

Bug Description

Binary package hint: memcached

Taken from http://code.google.com/p/memcached/issues/detail?id=102

1. do "cat /dev/zero | nc -q1 127.0.0.1 11211"
2. Wait a short while
3. Watch the server crash

This was fixed in memcached 1.4.3

Chuck Short (zulcss) wrote :

I was able to reproduce this on lucid.

Regards
chuck

Changed in memcached (Ubuntu Lucid):
importance: Undecided → Medium
status: New → Confirmed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package memcached - 1.4.2-1ubuntu1

---------------
memcached (1.4.2-1ubuntu1) lucid; urgency=low

  * debian/patches/fix-issue-102-segfault.patch: Fix segfault when client is
    sending bad data (LP: #558328)
 -- Chuck Short <email address hidden> Thu, 08 Apr 2010 11:01:23 -0400

Changed in memcached (Ubuntu Lucid):
status: Confirmed → Fix Released
Jamie Strandboge (jdstrand) wrote :

Upstream also used this patch to use strncmp instead:
http://github.com/memcached/memcached/commit/d9cd01ede97f4145af9781d448c62a3318952719

This is needed to properly fix this issue.

Changed in memcached (Ubuntu Lucid):
status: Fix Released → Triaged
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package memcached - 1.4.2-1ubuntu2

---------------
memcached (1.4.2-1ubuntu2) lucid; urgency=low

  * debian/patches/fix-issue-102-segfault.patch: Update patch with a more
    proper fix. (LP: #558328)
 -- Chuck Short <email address hidden> Thu, 15 Apr 2010 08:34:42 -0400

Changed in memcached (Ubuntu Lucid):
status: Triaged → Fix Released