CVE-2013-7239 - Vulnerability Details - OpenCVE

memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Memcached	Memcached

Configuration 1 [-]

OR	cpe:2.3:a:memcached:memcached::::::::
	cpe:2.3:a:memcached:memcached:1.4.0:::::::*
	cpe:2.3:a:memcached:memcached:1.4.1:::::::*
	cpe:2.3:a:memcached:memcached:1.4.2:::::::*
	cpe:2.3:a:memcached:memcached:1.4.3:::::::*
	cpe:2.3:a:memcached:memcached:1.4.4:::::::*
	cpe:2.3:a:memcached:memcached:1.4.5:::::::*
	cpe:2.3:a:memcached:memcached:1.4.6:::::::*
	cpe:2.3:a:memcached:memcached:1.4.7:::::::*
	cpe:2.3:a:memcached:memcached:1.4.8:::::::*
	cpe:2.3:a:memcached:memcached:1.4.9:::::::*
	cpe:2.3:a:memcached:memcached:1.4.10:::::::*
	cpe:2.3:a:memcached:memcached:1.4.11:::::::*
	cpe:2.3:a:memcached:memcached:1.4.12:::::::*
	cpe:2.3:a:memcached:memcached:1.4.13:::::::*
	cpe:2.3:a:memcached:memcached:1.4.14:::::::*
	cpe:2.3:a:memcached:memcached:1.4.15:::::::*

No data.

References

Link	Providers
http://seclists.org/oss-sec/2013/q4/572
http://secunia.com/advisories/56183
http://www.debian.org/security/2014/dsa-2832
http://www.securityfocus.com/bid/64559
http://www.ubuntu.com/usn/USN-2080-1
https://code.google.com/p/memcached/wiki/ReleaseNotes1417
https://nvd.nist.gov/vuln/detail/CVE-2013-7239
https://www.cve.org/CVERecord?id=CVE-2013-7239

History

No history.

MITRE

Status: PUBLISHED

Assigner: debian

Published: 2014-01-13T21:00:00

Updated: 2024-08-06T18:01:20.106Z

Reserved: 2013-12-30T00:00:00

Link: CVE-2013-7239

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-01-13T21:55:05.230

Modified: 2024-11-21T02:00:32.707

Link: CVE-2013-7239

Redhat

Severity : Moderate

Publid Date: 2013-04-19T00:00:00Z

Links: CVE-2013-7239 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-12-20T00:00:00", "descriptions": [{"lang": "en", "value": "memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-03-24T09:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"name": "64559", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/64559"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://code.google.com/p/memcached/wiki/ReleaseNotes1417"}, {"name": "[oss-security] 20131230 Re: CVE Request: SASL authentication allows wrong credentials to access memcache", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2013/q4/572"}, {"name": "USN-2080-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2080-1"}, {"name": "DSA-2832", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-2832"}, {"name": "56183", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/56183"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2013-7239", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "64559", "refsource": "BID", "url": "http://www.securityfocus.com/bid/64559"}, {"name": "https://code.google.com/p/memcached/wiki/ReleaseNotes1417", "refsource": "CONFIRM", "url": "https://code.google.com/p/memcached/wiki/ReleaseNotes1417"}, {"name": "[oss-security] 20131230 Re: CVE Request: SASL authentication allows wrong credentials to access memcache", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2013/q4/572"}, {"name": "USN-2080-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2080-1"}, {"name": "DSA-2832", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2832"}, {"name": "56183", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56183"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:01:20.106Z"}, "title": "CVE Program Container", "references": [{"name": "64559", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/64559"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://code.google.com/p/memcached/wiki/ReleaseNotes1417"}, {"name": "[oss-security] 20131230 Re: CVE Request: SASL authentication allows wrong credentials to access memcache", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2013/q4/572"}, {"name": "USN-2080-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2080-1"}, {"name": "DSA-2832", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-2832"}, {"name": "56183", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/56183"}]}]}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2013-7239", "datePublished": "2014-01-13T21:00:00", "dateReserved": "2013-12-30T00:00:00", "dateUpdated": "2024-08-06T18:01:20.106Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:*", "matchCriteriaId": "5BC2D838-BD98-438F-8B8A-C2C26E129E63", "versionEndIncluding": "1.4.16", "vulnerable": true}, {"criteria": "cpe:2.3:a:memcached:memcached:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D6D790C-560B-460F-A175-B47A5AFAA9F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:memcached:memcached:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "358D87E0-9392-4C00-94CE-C14BC408BCF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:memcached:memcached:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE58473C-3D01-4519-B1F9-1F1808191EDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:memcached:memcached:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "F45F2A98-7146-4501-B2A7-A376204DCFD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:memcached:memcached:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "C1F4CD0E-CB74-4D72-ABDF-97820DE6A595", "vulnerable": true}, {"criteria": "cpe:2.3:a:memcached:memcached:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "0BC45B91-2C50-4D9A-9D8D-026249FB4B4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:memcached:memcached:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "8FE2B6E7-1066-4D7D-9346-F03487EAE77C", "vulnerable": true}, {"criteria": "cpe:2.3:a:memcached:memcached:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "DC04F90C-2813-44F8-B48D-9EAF6E8B78A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:memcached:memcached:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "1E305092-2CFD-4A94-BCE5-7F9AAEDB74D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:memcached:memcached:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "924552C6-BF90-49F1-A562-620196503246", "vulnerable": true}, {"criteria": "cpe:2.3:a:memcached:memcached:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "92EFE814-FA06-487A-8E5F-CD00457334A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:memcached:memcached:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "2AB6AF32-7B4B-4FEB-BE5D-A260852ED0DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:memcached:memcached:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "A93A9113-B3AE-4952-9B98-B296DB7580B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:memcached:memcached:1.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "F60CAEF4-EDD2-474D-99AE-AFBDE73BBBCE", "vulnerable": true}, {"criteria": "cpe:2.3:a:memcached:memcached:1.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "29C9CE6E-6330-4346-8989-2A7DA7BFD19A", "vulnerable": true}, {"criteria": "cpe:2.3:a:memcached:memcached:1.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "01E082CD-A502-4CD2-8995-2086217205A6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials."}, {"lang": "es", "value": "memcached anterior 1.4.17 permite a atacantes remotos evadir la autenticaci\u00f3n mediante el env\u00edo de una petici\u00f3n inv\u00e1lida con credenciales SASL, luego enviar otra petici\u00f3n con credenciales SASL incorrectas."}], "id": "CVE-2013-7239", "lastModified": "2024-11-21T02:00:32.707", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-01-13T21:55:05.230", "references": [{"source": "security@debian.org", "url": "http://seclists.org/oss-sec/2013/q4/572"}, {"source": "security@debian.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/56183"}, {"source": "security@debian.org", "url": "http://www.debian.org/security/2014/dsa-2832"}, {"source": "security@debian.org", "url": "http://www.securityfocus.com/bid/64559"}, {"source": "security@debian.org", "url": "http://www.ubuntu.com/usn/USN-2080-1"}, {"source": "security@debian.org", "tags": ["Patch"], "url": "https://code.google.com/p/memcached/wiki/ReleaseNotes1417"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2013/q4/572"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/56183"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-2832"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/64559"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2080-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://code.google.com/p/memcached/wiki/ReleaseNotes1417"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}