Upstream information

CVE-2009-1494 at MITRE

Description

The process_stat function in Memcached 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending this command to the daemon's TCP port.

SUSE information

Overall state of this security issue: Ignore

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 5
Vector AV:N/AC:L/Au:N/C:P/I:N/A:N
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None
SUSE Bugzilla entry: 501656 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Module for Server Applications 15
  • memcached >= 1.5.6-2.10
  • memcached-devel >= 1.5.6-2.10
Patchnames:
SUSE Linux Enterprise Module for Server Applications 15 GA memcached
SUSE Linux Enterprise Server 12 SP3
  • memcached >= 1.4.33-3.1
Patchnames:
SUSE Linux Enterprise Server 12 SP3 GA memcached
SUSE Linux Enterprise Software Development Kit 11 SP4
  • memcached >= 1.2.6-5.17.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA memcached
SUSE OpenStack Cloud 6
  • memcached >= 1.4.15-1.2
Patchnames:
SUSE OpenStack Cloud 6 GA memcached
SUSE Linux Enterprise SDK 11 GA
  • memcached >= 1.2.6-5.16.1
sle11-sdk.x86
sle11-debuginfo.ia64
sle11-sdk.ppc
sle11-debuginfo.x86
sle11-sdk.s390x
sle11-sdk.ia64
sle11-debuginfo.x86-64
sle11-debuginfo.s390x
sle11-debuginfo.ppc
sle11-sdk.x86-64
SAT Patch Nr: 1167
openSUSE 11.0
  • memcached-debuginfo >= 1.2.2-49.2
  • memcached-debugsource >= 1.2.2-49.2
openSUSE 11.0
  • memcached >= 1.2.2-49.2
openSUSE 11.1
  • memcached-debuginfo >= 1.2.6-5.7.1
  • memcached-debugsource >= 1.2.6-5.7.1
openSUSE 11.1
  • memcached >= 1.2.6-5.7.1
openSUSE Tumbleweed
  • memcached >= 1.4.33-1.1
  • memcached-devel >= 1.4.33-1.1
Patchnames:
openSUSE Tumbleweed GA memcached