CVE-2018-1000115: memcached: UDP server support allows spoofed traffic amplification DoS.
This document (7022726) is provided subject to the disclaimer at the end of this document.
SUSE Enterprise Storage 4
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
This attack appears to be exploitable via network connectivity to port 11211 UDP.
This vulnerability is fixed in version 1.5.6 due to disabling of the UDP protocol by default.
SUSE is planning to release an update to the memcached package that will slightly change this behavior in the future.
Going forward, UDP will then be disabled by default and it has to be actively enabled by specifiying the "-U" option with the port it should be listening on.
It is possibly to verify whether a system is vulnerable to this memcached vulnerability, by looking at the output of the netstat command and verify whether the memcached daemon is listening on localhost or not.
> aquarius:~ # netstat -ulpn | grep memcached
> udp 0 0 127.0.0.1:11211 0.0.0.0:* 30587/memcached
When the fourth column (127.0.0.1:11211) contains anything different than 127.0.0.1, the system is affected (unless there is a firewall in place, etc.) and then the configuration was indeed modified in the past.
Following the upcoming memcached update, the configuration may also need to be adjusted to explicitly tell
memcached to listen on a specific UDP address/port.
There is currently no ETA available for when this update will be released.
- Document ID:7022726
- Creation Date: 12-Mar-2018
- Modified Date:03-Mar-2020
- SUSE Enterprise Storage
- SUSE Linux Enterprise Server
- SUSE Open Stack Cloud
For questions or concerns with the SUSE Knowledgebase please contact: email@example.com