Piping null to the server will crash it

Bug #558328 reported by Thierry Carrez
This bug affects 1 person
Affects             Status        Importance  Assigned to  Milestone
memcached (Ubuntu)  Fix Released  Medium      Unassigned
Lucid               Fix Released  Medium      Unassigned

Bug Description

Binary package hint: memcached

Taken from http://code.google.com/p/memcached/issues/detail?id=102

1. do "cat /dev/zero | nc -q1 127.0.0.1 11211"
2. Wait a short while
3. Watch the server crash

This was fixed in memcached 1.4.3

Thierry Carrez (ttx) wrote :
Chuck Short (zulcss) wrote :

I was able to reproduce this on lucid.

Regards
chuck

Changed in memcached (Ubuntu Lucid):
importance: Undecided → Medium
status: New → Confirmed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package memcached - 1.4.2-1ubuntu1

---------------
memcached (1.4.2-1ubuntu1) lucid; urgency=low

  * debian/patches/fix-issue-102-segfault.patch: Fix segfault when client is
    sending bad data (LP: #558328)
 -- Chuck Short <email address hidden> Thu, 08 Apr 2010 11:01:23 -0400

Changed in memcached (Ubuntu Lucid):
status: Confirmed → Fix Released
Jamie Strandboge (jdstrand) wrote :

Upstream also used this patch to use strncmp instead:
http://github.com/memcached/memcached/commit/d9cd01ede97f4145af9781d448c62a3318952719

This is needed to properly fix this issue.

Changed in memcached (Ubuntu Lucid):
status: Fix Released → Triaged
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package memcached - 1.4.2-1ubuntu2

---------------
memcached (1.4.2-1ubuntu2) lucid; urgency=low

  * debian/patches/fix-issue-102-segfault.patch: Update patch with a more
    proper fix. (LP: #558328)
 -- Chuck Short <email address hidden> Thu, 15 Apr 2010 08:34:42 -0400

Changed in memcached (Ubuntu Lucid):
status: Triaged → Fix Released