Vigil@nce - memcached: denial of service
April 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker who is allowed to connect to the memcached port can
cause a denial of service.
Severity: 2/4
Creation date: 09/04/2010
DESCRIPTION OF THE VULNERABILITY
The memcached daemon provides distributed memory caching. It
listens on port 11211/tcp.
Clients send commands to memcached, formatted like:
get command [line feed]
However, if a client sends a lot of data with no line feed,
memcached stores all of it. When the memory limit is reached,
memcached stops.
An attacker who is allowed to connect to the memcached port can
therefore cause a denial of service.
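One way to bound the buffering described above, as an added example that is not part of the bulletin and is not memcached's code: a per-connection line reader with a fixed cap that reports an over-long line so the server can close the connection. The names conn_buf, conn_feed and feed_without_newline, and the 2048-byte cap, are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Assumed cap for this example; not a value taken from the bulletin or memcached. */
#define MAX_CMD_LINE 2048

enum feed_result { NEED_MORE, LINE_READY, LINE_TOO_LONG };

/* Hypothetical per-connection state: a fixed buffer, so pending input cannot grow. */
struct conn_buf {
    char data[MAX_CMD_LINE];
    size_t used;                 /* bytes held that do not yet form a full line */
};

/* Take bytes from chunk until a line completes, the cap is hit, or the chunk ends.
 * *consumed reports how many bytes were taken so the caller can feed the rest.
 * On LINE_READY, c->data is the NUL-terminated command; set c->used = 0 after use.
 * On LINE_TOO_LONG, the caller should drop the connection instead of reading on. */
enum feed_result conn_feed(struct conn_buf *c, const char *chunk, size_t len,
                           size_t *consumed)
{
    for (size_t i = 0; i < len; i++) {
        if (chunk[i] == '\n') {
            c->data[c->used] = '\0';   /* safe: used never exceeds MAX_CMD_LINE - 1 */
            *consumed = i + 1;
            return LINE_READY;
        }
        if (c->used == MAX_CMD_LINE - 1) {
            *consumed = i;
            return LINE_TOO_LONG;
        }
        c->data[c->used++] = chunk[i];
    }
    *consumed = len;
    return NEED_MORE;
}

/* Constructed input: feed `chunks` blocks of 1024 'A' bytes with no line feed and
 * return the final state; the buffer never holds more than MAX_CMD_LINE - 1 bytes. */
enum feed_result feed_without_newline(struct conn_buf *c, int chunks)
{
    char block[1024];
    size_t consumed;
    enum feed_result r = NEED_MORE;
    memset(block, 'A', sizeof block);
    c->used = 0;
    for (int k = 0; k < chunks && r == NEED_MORE; k++)
        r = conn_feed(c, block, sizeof block, &consumed);
    return r;
}
```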
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/memcached-denial-of-service-9566