August 10, 2010

Memcached is a popular tool used by many customers to accelerate the delivery of web content. Some recent research has revealed vulnerabilities in memcached that allow attackers to use published exploits for locating interesting servers, extracting information from caches, and inserting data into the caches. Usually this occurs because the servers running memcached are open to the Internet and have exposed the common port 11211/tcp.

The most effective way to avoid exploit is to ensure that none of your memcached servers can be reached via the Internet. They should be placed in dedicated security groups that allow inbound connections only from your web server security group (see this AWS blog post for further information on using security groups to isolate instances and direct traffic). If you’re using memcached in production, we recommend auditing your security groups and, if necessary, taking the appropriate steps to prevent direct Internet access to your memcached servers.