CVE-2018-1000115
First published: Sat Mar 03 2018(Updated: )
memcached supports TCP and UDP servers, when the UDP server is enabled, and the configuration does not specify localhost or 127.0.0.1, and the server does not firewall the memcached port (11211 by default) can be exploited for network traffic amplification attacks by spoofed UDP packets. Please note that by default the firewall on Red Hat Enterprise Linux only allows port 22 (SSH) inbound, so systems with memcached enabled are only affected if a firewall rule is added that allows UDP traffic to connect to memcached (by default on port 11211).
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Memcached Memcached | =1.5.5 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =17.10 | |
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| Redhat Openstack | =8 | |
| Redhat Openstack | =9 | |
| Redhat Openstack | =10 | |
| Redhat Openstack | =11 | |
| Redhat Openstack | =12 | |
| redhat/memcached | <1.5.6 | 1.5.6 |
| ubuntu/memcached | <1.4.33-1ubuntu3.2 | 1.4.33-1ubuntu3.2 |
| ubuntu/memcached | <1.4.14-0ubuntu9.2 | 1.4.14-0ubuntu9.2 |
| ubuntu/memcached | <1.5.6 | 1.5.6 |
| ubuntu/memcached | <1.4.25-2ubuntu1.3 | 1.4.25-2ubuntu1.3 |
| debian/memcached | 1.6.9+dfsg-1 1.6.18-1 1.6.29-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/errata/RHBA-2018:2140
- https://access.redhat.com/errata/RHSA-2018:1593
- https://access.redhat.com/errata/RHSA-2018:1627
- https://access.redhat.com/errata/RHSA-2018:2331
- https://access.redhat.com/errata/RHSA-2018:2857
- https://blogs.akamai.com/2018/03/memcached-fueled-13-tbps-attacks.html
- https://github.com/memcached/memcached/commit/dbb7a8af90054bf4ef51f5814ef7ceb17d83d974
- https://github.com/memcached/memcached/issues/348
- https://github.com/memcached/memcached/wiki/ReleaseNotes156
- https://twitter.com/dormando/status/968579781729009664
- https://usn.ubuntu.com/3588-1/
- https://www.debian.org/security/2018/dsa-4218
- https://www.exploit-db.com/exploits/44264/
- https://www.exploit-db.com/exploits/44265/
- https://www.synology.com/support/security/Synology_SA_18_07
- https://launchpad.net/bugs/cve/CVE-2018-1000115
- https://security-tracker.debian.org/tracker/CVE-2018-1000115
- https://access.redhat.com/solutions/3369081
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1182542
- https://src.fedoraproject.org/rpms/memcached/c/3ee983ab6353cb0613d03913dcc8b7dd3c9637c5
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1551655
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1551839
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1553274
- https://bugzilla.redhat.com/show_bug.cgi?id=1551182
- https://blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/
- https://ubuntu.com/security/notices/USN-3588-1
- https://www.cve.org/CVERecord?id=CVE-2018-1000115
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000115
- https://ubuntu.com/security/CVE-2018-1000115
Frequently Asked Questions
What is CVE-2018-1000115?
CVE-2018-1000115 is a vulnerability in Memcached version 1.5.5 that allows for network flood denial-of-service attacks.
Which software versions are affected by CVE-2018-1000115?
Memcached version 1.5.5 and lower are affected by CVE-2018-1000115.
What is the severity of CVE-2018-1000115?
CVE-2018-1000115 has a severity rating of 7.5 (High).
How can I fix CVE-2018-1000115?
To fix CVE-2018-1000115, update Memcached to version 1.5.6 or higher.
Where can I find more information about CVE-2018-1000115?
You can find more information about CVE-2018-1000115 in the release notes of Memcached version 1.5.6 and the provided references.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/remedy
- agent/weakness
- agent/severity
- agent/references
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- collector/nvd-cve
- source/NVD
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-1000115
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/usn-cve
- source/Ubuntu
- vendor/memcached
- canonical/memcached memcached
- version/memcached memcached/1.5.5
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/17.10
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/debian debian linux/9.0
- vendor/redhat
- canonical/redhat openstack
- version/redhat openstack/8
- version/redhat openstack/9
- version/redhat openstack/10
- version/redhat openstack/11
- version/redhat openstack/12
- package-manager/debian
- package-manager/redhat
- package-manager/ubuntu