CVE-2018-1000115: memcached: UDP server support allows spoofed traffic amplification DoS.
This document (7022726) is provided subject to the disclaimer at the end of this document.
SUSE Enterprise Storage 4
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
This attack appears to be exploitable via network connectivity to port 11211 UDP.
This vulnerability is fixed in version 1.5.6 due to disabling of the UDP protocol by default.
SUSE is planning to release an update to the memcached package that will slightly change this behavior in the future.
Going forward, UDP will then be disabled by default and has to be actively enabled by specifying the "-U" option with the port it should listen on.
It is possible to verify whether a system is vulnerable to this memcached vulnerability by looking at the output of the netstat command and checking whether the memcached daemon is listening on localhost or not.
> aquarius:~ # netstat -ulpn | grep memcached
> udp 0 0 127.0.0.1:11211 0.0.0.0:* 30587/memcached
When the fourth column (127.0.0.1:11211) contains an address other than 127.0.0.1, the system is affected (unless there is a firewall in place, etc.), and the configuration was indeed modified at some point in the past.
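The same check as a script, added here as an example (it is not part of the original SUSE document). It reads `netstat -ulpn` output, goes slightly beyond the text by also covering `udp6` lines and treating all of 127.0.0.0/8 and ::1 as loopback, and does not account for any firewall in front of the host. The function names `exposed_memcached_udp` and `check` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag memcached UDP sockets bound to a non-loopback address.
# Reads `netstat -ulpn` output on stdin; prints each exposed local address.
exposed_memcached_udp() {
    awk '
        # UDP rows have an empty State column, so the last field is PID/Program.
        $1 ~ /^udp/ && $NF ~ /\/memcached$/ {
            addr = $4
            sub(/:[0-9]+$/, "", addr)      # drop the trailing :port
            if (addr !~ /^127\./ && addr != "::1")
                print $4
        }'
}

# Prints "affected" or "not affected" for netstat output on stdin.
# A firewall in front of the host is not visible here and is not considered.
check() {
    if [ -n "$(exposed_memcached_udp)" ]; then
        echo "affected"
    else
        echo "not affected"
    fi
}

# Constructed sample outputs (not captured from a real host).
sample_local='udp        0      0 127.0.0.1:11211         0.0.0.0:*                           30587/memcached'
sample_exposed='udp        0      0 0.0.0.0:11211           0.0.0.0:*                           30587/memcached
udp6       0      0 :::11211                :::*                                30587/memcached
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1200/dhclient'

# On a live system, run as root so the PID/Program column is populated:
#   netstat -ulpn | check
printf '%s\n' "$sample_local"   | check
printf '%s\n' "$sample_exposed" | check
```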
Following the upcoming memcached update, the configuration may also need to be adjusted to explicitly tell memcached to listen on a specific UDP address/port.
There is currently no ETA available for when this update will be released.
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID: 7022726
- Creation Date: 12-MAR-18
- Modified Date: 16-MAR-18
- Novell: SUSE Enterprise Storage, SUSE OpenStack Cloud
- SUSE: SUSE Linux Enterprise Server