Vulnerability CVE-2010-1152

Vulnerability Name:

CVE-2010-1152 (CCN-57797)

Assigned:

2009-10-27

Published:

2009-10-27

Updated:

2023-02-13

Summary:

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Consequences:

Denial of Service

References:

Source: CCN
Type: Sun Security Blog 18 Feb 2011
Input Validation Vulnerability in Memcached

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: memcached Web Site
PIping null to the server will crash it

Source: secalert@redhat.com
Type: Exploit
secalert@redhat.com

Source: MITRE
Type: CNA
CVE-2010-1152

Source: secalert@redhat.com
Type: Patch
secalert@redhat.com

Source: secalert@redhat.com
Type: Patch
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Patch
secalert@redhat.com

Source: secalert@redhat.com
Type: Patch
secalert@redhat.com

Source: secalert@redhat.com
Type: Patch
secalert@redhat.com

Source: CCN
Type: SA39306
memcached Packet Processing Memory Consumption Weakness

Source: CCN
Type: SECTRACK ID: 1023839
memcached try_read_command() Function Lets Remote Users Deny Service

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: OSVDB ID: 63600
memcached memcached.c TCP Packet Null Terminating Newline Character Remote DoS

Source: CCN
Type: BID-39577
memcached Memory Consumption Remote Denial of Service Vulnerability

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: XF
Type: UNKNOWN
memcached-tryreadcommand-dos(57797)

Source: SUSE
Type: SUSE-SR:2010:013
SUSE Security Summary Report

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:memcachedb:memcached:1.2.0:beta:*:*:*:*:*:*

OR cpe:/a:memcachedb:memcached:1.1.0:beta:*:*:*:*:*:*

OR cpe:/a:memcachedb:memcached:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:memcachedb:memcached:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:memcachedb:memcached:1.0.2:beta:*:*:*:*:*:*

OR cpe:/a:memcachedb:memcached:1.0.1:beta:*:*:*:*:*:*

OR cpe:/a:memcachedb:memcached:1.0.0:beta:*:*:*:*:*:*

OR cpe:/a:memcachedb:memcached:0.1.1:*:*:*:*:*:*:*

OR cpe:/a:memcachedb:memcached:0.1.0:*:*:*:*:*:*:*

OR cpe:/a:memcachedb:memcached:0.0.4:*:*:*:*:*:*:*

OR cpe:/a:memcachedb:memcached:0.0.3:*:*:*:*:*:*:*

OR cpe:/a:memcachedb:memcached:0.0.2:*:*:*:*:*:*:*

OR cpe:/a:memcachedb:memcached:0.0.1:*:*:*:*:*:*:*

OR cpe:/a:memcachedb:memcached:1.2.1:beta:*:*:*:*:*:*

OR cpe:/a:memcachedb:memcached:1.2.0:*:*:*:*:*:*:*

OR cpe:/a:memcachedb:memcached:1.2.8:*:*:*:*:*:*:*

OR cpe:/a:memcachedb:memcached:1.1.12:*:*:*:*:*:*:*

OR cpe:/a:memcachedb:memcached:1.2.2:*:*:*:*:*:*:*

OR cpe:/a:memcachedb:memcached:1.4.0:*:*:*:*:*:*:*

OR cpe:/a:memcachedb:memcached:1.4.1:*:*:*:*:*:*:*

OR cpe:/a:memcachedb:memcached:1.4.2:*:*:*:*:*:*:*

AND

cpe:/o:oracle:solaris:11_express:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:26141	P	Security update for webkit2gtk3 (Important)	2021-10-06
oval:org.opensuse.security:def:20101152	V	CVE-2010-1152	2021-08-15
oval:org.opensuse.security:def:26077	P	Security update for apache2 (Important)	2021-06-17
oval:org.opensuse.security:def:36516	P	memcached-1.2.6-5.17.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:26066	P	Security update for gstreamer-plugins-bad (Important)	2021-06-07
oval:org.opensuse.security:def:26065	P	Security update for polkit (Important)	2021-06-03
oval:org.opensuse.security:def:26841	P	xdg-utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26407	P	Security update for libmad (Moderate)	2020-12-01
oval:org.opensuse.security:def:26744	P	libexif on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27479	P	libreoffice-help-cs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26491	P	Security update for nextcloud (Moderate)	2020-12-01
oval:org.opensuse.security:def:26783	P	mipv6d on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26269	P	Security update for python3-requests (Moderate)	2020-12-01
oval:org.opensuse.security:def:27514	P	memcached on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26642	P	sysstat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26797	P	pam_krb5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26350	P	Security update for ansible (Moderate)	2020-12-01
oval:org.opensuse.security:def:26695	P	fetchmail on GA media (Moderate)	2020-12-01

BACK