hi, memcached segfaults when it receives set commands containing a negativ size value.
e.g.: set foobar 0 200 -3\r\nfoo\r\n some kind of signed to unsigned conversion bug. in the end, it's a memcpy that crashs. i tested it with debian's 1.1.12 and the current stable 1.2.5. it's at least a remote dos, i am not sure, if this can be exploited further. marcus -- Marcus Hunger - [EMAIL PROTECTED] Telefon: +49 (0)211-63 55 55-61 Telefax: +49 (0)211-63 55 55-22 indigo networks GmbH - Gladbacher Str. 74 - 40219 Düsseldorf HRB Düsseldorf 39841 - Geschäftsführer: Thilo Salmon, Tim Mois Steuernummer: 106/5713/2881, Umsatzsteuer-ID: DE219349391 www.sipgate.de - www.sipgate.at - www.sipgate.co.uk
