CVE-2013-7239

Published: 1 January 2014

memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials.

Notes

Author	Note
mdeslaur	precise isn't built with sasl support

Priority

Status

Package	Release	Status
memcached Launchpad, Ubuntu, Debian	lucid	Ignored (end of life)
	precise	Not vulnerable (vulnerable code not compiled)
	quantal	Released (1.4.14-0ubuntu1.12.10.1)
	raring	Released (1.4.14-0ubuntu1.13.04.1)
	saucy	Released (1.4.14-0ubuntu4.1)
	upstream	Released (1.4.17,1.4.13-0.3)
	Patches: upstream: https://github.com/memcached/memcached/commit/87c1cf0f20be20608d3becf854e9cf0910f4ad32

References

https://code.google.com/p/memcached/wiki/ReleaseNotes1417
https://ubuntu.com/security/notices/USN-2080-1
https://www.cve.org/CVERecord?id=CVE-2013-7239
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733643
https://code.google.com/p/memcached/issues/detail?id=316

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›