Unrated severity · NVD Advisory · Published Apr 30, 2009 · Updated Apr 23, 2026
CVE-2009-1255
Description
The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats maps command and (b) memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain sensitive information such as the locations of memory regions, and defeat ASLR protection, by sending a command to the daemon's TCP port.
Affected products
- cpe:2.3:a:memcachedb:memcached:*:*:*:*:*:*:*:* (range: <=1.2.0)
- cpe:2.3:a:memcachedb:memcached:0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:0.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:0.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:0.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:0.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:1.0.0:beta:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:1.0.1:beta:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:1.0.2:beta:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:1.1.0:beta:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:1.2.0:beta:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:1.2.1:beta:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- code.google.com/p/memcachedb/source/diff (nvd: Exploit, Patch)
- www.positronsecurity.com/advisories/2009-001.html (nvd: Exploit)
- secunia.com/advisories/34915 (nvd: Vendor Advisory)
- secunia.com/advisories/34932 (nvd: Vendor Advisory)
- www.vupen.com/english/advisories/2009/1196 (nvd: Vendor Advisory)
- www.vupen.com/english/advisories/2009/1197 (nvd: Vendor Advisory)
- archives.neohapsis.com/archives/fulldisclosure/2009-04/0282.html (nvd)
- code.google.com/p/memcachedb/source/browse/trunk/ChangeLog (nvd)
- code.google.com/p/memcachedb/source/detail (nvd)
- groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e (nvd)
- osvdb.org/54127 (nvd)
- secunia.com/advisories/35175 (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.securityfocus.com/archive/1/503064/100/0/threaded (nvd)
- www.securityfocus.com/bid/34756 (nvd)
- www.securitytracker.com/id (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/50221 (nvd)
- www.redhat.com/archives/fedora-package-announce/2009-May/msg00851.html (nvd)
- www.redhat.com/archives/fedora-package-announce/2009-May/msg01256.html (nvd)