[Secure-testing-team] Bug#733643: memcached: CVE-2013-7239: SASL authentication allows wrong credentials to access memcache
Salvatore Bonaccorso
carnil at debian.org
Mon Dec 30 16:30:30 UTC 2013
Package: memcached
Version: 1.4.13-0.2
Severity: grave
Tags: security upstream fixed-upstream patch
Control: forwarded -1 https://code.google.com/p/memcached/issues/detail?id=316
Hi
memcached from wheezy on is affected by an authentication bypass issue
when SASL authentication is turned on. Quoting upstream bugreport:
1. Ran memcached server with following flags -S -d -m 1024 0.0.0.0 -p
11211 -u ubuntu
2. Add user with saslpasswd2 -a memcached -c newuser
3. Pointed cached store: dalli_store, 'domain.com:11211', { :username => newuser, :password *** } ( I am using dalli gem in Rails application)
4. When I try to access memcache with wrong credentials, on the first
try I get message that authentication failed, which is fine. But, when
I try again to access the cache it lets me do it even I have provided
wrong credentials.
This is reported upstream as [1]. Upstream has commited a patch to
resolve this issue at [2]. The testsuite addition demostrates the
probelm as well.
CVE-2013-7239 is assigned for this issue.
[1] https://code.google.com/p/memcached/issues/detail?id=316
[2] https://github.com/memcached/memcached/commit/87c1cf0f20be20608d3becf854e9cf0910f4ad32
Regards,
Salvatore
More information about the Secure-testing-team
mailing list