Memcached Traffic Amplification UDP Packet Spoofing
TSL ID: TSL20180305-02
CVE ID(s): CVE-2018-1000115
Severity: High
Description

A network traffic amplification vulnerability has been reported in memcached. If its UDP server is enabled on port 11211 (the default), certain UDP requests may result in much larger responses.

A remote, unauthenticated attacker can exploit this vulnerability by sending UDP packets with spoofed source addresses to the server. The much larger responses are then sent to the spoofed address, which makes the server a contributor to a distributed DoS attack. Note that the memcached server itself may not be affected, but it becomes a tool in a larger DDoS attack.

The vendor has released an advisory regarding this vulnerability:

https://github.com/memcached/memcached/wiki/ReleaseNotes156

Affected Products
  • Memcached Project Memcached prior to 1.5.6
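An added example, not part of the advisory or of memcached itself: a small audit that reads a memcached version and its startup options and reports whether the UDP listener is reachable. It assumes the real `-U`/`--udp-port` and `-l`/`--listen` options, a one-option-per-line config file, and that 1.5.6 and later leave UDP off unless it is set explicitly (per the vendor release notes linked above); the function names and sample config are constructed for illustration.

```python
import shlex

FIXED = (1, 5, 6)  # advisory: versions prior to 1.5.6 are affected
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse_opts(text):
    """Return (udp_port or None, [listen addresses]) from memcached options.

    Accepts a command line or a one-option-per-line file with # comments.
    """
    tokens = []
    for line in text.splitlines():
        tokens += shlex.split(line, comments=True)
    udp_port, listen = None, []
    it = iter(tokens)
    for tok in it:
        if tok.startswith("--"):
            name, _, val = tok.partition("=")   # --udp-port=0
        else:
            name, val = tok[:2], tok[2:]        # -U 0 or -U0
        if name not in ("-U", "--udp-port", "-l", "--listen"):
            continue
        if not val:
            val = next(it, "")                  # value is the next token
        if name in ("-U", "--udp-port"):
            udp_port = int(val)
        else:
            listen += [a.strip() for a in val.split(",") if a.strip()]
    return udp_port, listen

def assess(version, text):
    """Classify UDP exposure; the TCP port option (-p) is not modelled."""
    ver = tuple(int(p) for p in version.split(".")[:3])
    udp_port, listen = parse_opts(text)
    if udp_port is None:
        # Assumption: UDP defaults to 11211 before 1.5.6 and to off from 1.5.6.
        udp_port = 0 if ver >= FIXED else 11211
    if udp_port == 0:
        return "udp-disabled"
    if listen and all(a in LOOPBACK for a in listen):
        return "udp-loopback-only"
    return "udp-exposed"  # any enabled UDP listener beyond loopback is flagged

# Constructed sample config, not taken from a real host.
SAMPLE_CONF = "# constructed sample\n-m 64\n-p 11211\n-u memcache\n-l 0.0.0.0\n"
HARDENED_CONF = SAMPLE_CONF.replace("-l 0.0.0.0", "-l 127.0.0.1\n-U 0")

if __name__ == "__main__":
    for ver, conf in [("1.5.5", SAMPLE_CONF), ("1.5.5", HARDENED_CONF)]:
        print(ver, assess(ver, conf))
```

A fixed version with `-U` set to a non-zero port is still reported as exposed, since the audit flags the enabled UDP listener rather than the version number.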
CVSS Score Base 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P):
  • Access vector is NETWORK
  • Access complexity is LOW
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is NONE
  • Impact of this vulnerability on data integrity is NONE
  • Impact of this vulnerability on data availability is PARTIAL
Temporal 3.7 (E:U/RL:OF/RC:C):
  • The exploitability level of this vulnerability is UNPROVEN
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED
References
  • https://bugzilla.redhat.com/show_bug.cgi?id=1551182
  • https://github.com/memcached/memcached/wiki/ReleaseNotes156