CVE-2009-1255

The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats maps command and (b) memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain sensitive information such as the locations of memory regions, and defeat ASLR protection, by sending a command to the daemon's TCP port.

• How can I get the fixes?
• What do statuses mean?

References

• MITRE
• NVD
• Launchpad
• Debian

Other references

• http://www.positronsecurity.com/advisories/2009-001.html
• http://groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e
• http://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98&r=98
• https://www.cve.org/CVERecord?id=CVE-2009-1255