Mandriva Linux Security Advisory 2009-105 - The process_stat function in Memcached prior to 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending a command to the daemon's TCP port. The updated packages have been patched to prevent this.
234a80a38489861d68a02790cb0a9b505a37001ba30edca59da0fa46baaf0797
During an audit of the memcached v1.2.7 source code, it was found that the software divulges its stack, heap, and shared library memory locations. This effectively disables address space layout randomization (ASLR) protection, making potential buffer overflow vulnerabilities much easier to exploit.
2f8e3cddb4d091a7628c65e9dcd58f8e254af82611e835a326c48824dc2d5d55