CVE-2018-1000115

05.03.2018, 14:29

Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Vendor	Product	Version
memcached	memcached	1.5.5
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	17.10
debian	debian_linux	8.0
debian	debian_linux	9.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

memcached

bullseye	1.6.9+dfsg-1 fixed
wheezy	no-dsa
bookworm	1.6.18-1 fixed
trixie	1.6.32-1 fixed
sid	1.6.32-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

memcached

artful	Fixed 1.4.33-1ubuntu3.2 released
xenial	Fixed 1.4.25-2ubuntu1.3 released
trusty	Fixed 1.4.14-0ubuntu9.2 released

Known Exploits!

Common Weakness Enumeration

CWE-400 - Uncontrolled Resource Consumption
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References

https://access.redhat.com/errata/RHBA-2018:2140

https://access.redhat.com/errata/RHSA-2018:1593

https://access.redhat.com/errata/RHSA-2018:1627

https://access.redhat.com/errata/RHSA-2018:2331

https://access.redhat.com/errata/RHSA-2018:2857

https://blogs.akamai.com/2018/03/memcached-fueled-13-tbps-attacks.html

https://github.com/memcached/memcached/commit/dbb7a8af90054bf4ef51f5814ef7ceb17d83d974

https://github.com/memcached/memcached/issues/348

https://github.com/memcached/memcached/wiki/ReleaseNotes156

https://twitter.com/dormando/status/968579781729009664

https://usn.ubuntu.com/3588-1/

https://www.debian.org/security/2018/dsa-4218

https://www.exploit-db.com/exploits/44264/

https://www.exploit-db.com/exploits/44265/

https://www.synology.com/support/security/Synology_SA_18_07

https://access.redhat.com/errata/RHBA-2018:2140

https://access.redhat.com/errata/RHSA-2018:1593

https://access.redhat.com/errata/RHSA-2018:1627

https://access.redhat.com/errata/RHSA-2018:2331

https://access.redhat.com/errata/RHSA-2018:2857

https://blogs.akamai.com/2018/03/memcached-fueled-13-tbps-attacks.html

https://github.com/memcached/memcached/commit/dbb7a8af90054bf4ef51f5814ef7ceb17d83d974

https://github.com/memcached/memcached/issues/348

https://github.com/memcached/memcached/wiki/ReleaseNotes156

https://twitter.com/dormando/status/968579781729009664

https://usn.ubuntu.com/3588-1/

https://www.debian.org/security/2018/dsa-4218

https://www.exploit-db.com/exploits/44264/

https://www.exploit-db.com/exploits/44265/

https://www.synology.com/support/security/Synology_SA_18_07