7.5

CVE-2018-1000115

Exploit
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MemcachedMemcached Version1.5.5
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version17.10
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
RedhatOpenstack Version8
RedhatOpenstack Version9
RedhatOpenstack Version10
RedhatOpenstack Version11
RedhatOpenstack Version12
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 88.64% 0.998
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

https://usn.ubuntu.com/3588-1/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4218
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1593
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1627
Third Party Advisory
https://access.redhat.com/errata/RHBA-2018:2140
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2331
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2857
Third Party Advisory
https://blogs.akamai.com/2018/03/memcached-fueled-13-tbps-attacks.html
Third Party Advisory
https://github.com/memcached/memcached/commit/dbb7a8af90054bf4ef51f5814ef7ceb17d83d974
Patch
Third Party Advisory
https://github.com/memcached/memcached/issues/348
Third Party Advisory
Issue Tracking
https://github.com/memcached/memcached/wiki/ReleaseNotes156
Third Party Advisory
https://twitter.com/dormando/status/968579781729009664
Third Party Advisory
https://www.exploit-db.com/exploits/44264/
Third Party Advisory
Exploit
VDB Entry
https://www.exploit-db.com/exploits/44265/
Third Party Advisory
Exploit
VDB Entry
https://www.synology.com/support/security/Synology_SA_18_07
Third Party Advisory