Candidate: CVE-2009-1255
PublicDate: 2009-04-30 20:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1255
 http://www.positronsecurity.com/advisories/2009-001.html
 http://groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e
 http://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98&r=98
Description:
 The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB
 1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats
 maps command and (b) memory-allocation statistics in response to a stats
 malloc command, which allows remote attackers to obtain sensitive
 information such as the locations of memory regions, and defeat ASLR
 protection, by sending a command to the daemon's TCP port.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_memcached:
upstream_memcached: released (1.2.8-1)
dapper_memcached: ignored (reached end-of-life)
hardy_memcached: ignored (reached end-of-life)
intrepid_memcached: needs-triage (reached end-of-life)
jaunty_memcached: ignored (reached end-of-life)
karmic_memcached: not-affected (1.2.8-1)
lucid_memcached: not-affected
maverick_memcached: not-affected
natty_memcached: not-affected
oneiric_memcached: not-affected
devel_memcached: not-affected

Patches_memcachedb:
upstream_memcachedb: released (1.2.0-3)
dapper_memcachedb: DNE
hardy_memcachedb: DNE
intrepid_memcachedb: DNE
jaunty_memcachedb: ignored (reached end-of-life)
karmic_memcachedb: not-affected (1.2.0-5)
lucid_memcachedb: not-affected
maverick_memcachedb: not-affected
natty_memcachedb: not-affected
oneiric_memcachedb: not-affected
devel_memcachedb: not-affected