Arch Linux alert ASA-201611-1 (memcached)
| From: | Remi Gacogne <rgacogne@archlinux.org> | |
| To: | arch-security@archlinux.org | |
| Subject: | [arch-security] [ASA-201611-1] memcached: arbitrary code execution | |
| Date: | Tue, 1 Nov 2016 10:27:25 +0100 | |
| Message-ID: | <ed3d9a38-9bee-e676-76e8-fa110a7e975e@archlinux.org> |
Arch Linux Security Advisory ASA-201611-1 ========================================= Severity: Critical Date : 2016-11-01 CVE-ID : CVE-2016-8704 CVE-2016-8705 CVE-2016-8706 Package : memcached Type : arbitrary code execution Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package memcached before version 1.4.32-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 1.4.32-1. # pacman -Syu "memcached>=1.4.32-1" The problems have been fixed upstream in version 1.4.32. Workaround ========== If you do not use the binary protocol at all, a workaround is to start memcached with "-B ascii" to disable it. Description =========== - CVE-2016-8704 (arbitrary code execution) An integer overflow in the process_bin_append_prepend function which is responsible for processing multiple commands of Memcached binary protocol can be abused to cause heap overflow and lead to remote code execution. - CVE-2016-8705 (arbitrary code execution) Multiple integer overflows in process_bin_update function which is responsible for processing multiple commands of Memcached binary protocol can be abused to cause heap overflow and lead to remote code execution. - CVE-2016-8706 (arbitrary code execution) An integer overflow in process_bin_sasl_auth function which is responsible for authentication commands of Memcached binary protocol can be abused to cause heap overflow and lead to remote code execution. Impact ====== A remote unauthenticated attacker can execute arbitrary code on the affected host. References ========== http://www.talosintelligence.com/reports/TALOS-2016-0219/ http://www.talosintelligence.com/reports/TALOS-2016-0220/ http://www.talosintelligence.com/reports/TALOS-2016-0221/ http://blog.talosintel.com/2016/10/memcached-vulnerabilit... https://github.com/memcached/memcached/wiki/ReleaseNotes1433 https://access.redhat.com/security/cve/CVE-2016-8704 https://access.redhat.com/security/cve/CVE-2016-8705 https://access.redhat.com/security/cve/CVE-2016-8706