Vulnerability Description:
Memcache is a common set of Key-value cache system, because it does not have a rights control module, so the Open Network Memcache service is easy to be scanned by attackers, through command interaction can be directly read memcache sensitive information.
Fix solution:
Because Memcache has no rights control function, users are required to restrict access to the source.
scenario One:
Memcached-d-M 1024-u root-l 127.0.0.1-p 11211-c 1024-p/tmp/memcached.pid
Where the-l parameter is specified as the native address.
[[email protected] ~]# cat /etc/firewalld/zones/ Redismem.xml <zone> <short>redis and memcached service</short > <description>.</description> <source address= "192.168.XX.10/24" /> <service name= "Redismem"/> <service name= "SSH"/></zone >[[email protected] ~]# cat /usr/lib/firewalld/services/redismem.xml <?xml version= "1.0" encoding= "Utf-8"?><service> <short>redis and memcache</short> <description>service of redis.service and Memcached.service</description> <port protocol= "TCP" port= "11211"/> <port protocol= "TCP" port= "6379"/></SERVICE>
Restart FIREWALLD Firewall
Iptables setting up a firewall
If the Memcache service needs to be serviced externally, access control can be done through iptables, which allows only native access:
//Accept
# iptables-a input-p tcp-s 127.0.0.1--dport 11211-j Accept
# iptables-a input-p udp-s 127.0.0.1- -dport 11211-j ACCEPT
//Drop
# iptables-i input-p tcp--dport 11211-j drop
# iptables-i input-p UDP--dport 11211-j drop
//Save rule and restart Iptables
# service Iptables save
# service Iptables restart
The above rule means that only 192.168.0.2 this IP is allowed to access port 11211.
Verify Memcache Port 11211 is turned on
Take IP (1.2.3.4) as an example:
Telnet 1.2.3.4 11211
You can connect directly to port 11211 of the Memcache service without a user name password.
Execute the following command to obtain the corresponding result:
# Stats//view Memcache service status
# Stats Items//View all items
# stats Cachedump 32 0//Get cache key
# get:state:264861539228401373:261588//Read the value through key, get the actual cache content, resulting in sensitive information leakage
Memcache Vulnerability-unauthorized access and launch of DDoS attacks as Broilers