Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-8706

Опубликовано: 31 окт. 2016
Источник: redhat
CVSS3: 8.1
CVSS2: 6.8
EPSS Средний

Описание

An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.

An integer overflow flaw, leading to a heap-based buffer overflow, was found in memcached's parsing of SASL authentication messages. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code.

Отчет

The version of memcached as shipped with Red Hat OpenStack Platform 9 is affected by this issue however will not be updated. The latest version of memcached from Red Hat Enterprise Linux 7 can safely be allowed to supersede the earlier versions provided in the Red Hat OpenStack Platform channels.

Меры по смягчению последствий

This flaw requires memcached to be running with SASL authentication enabled, which is not the default setting. If your memcached instances are running without the "-S" command-line option, they are not vulnerable.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6memcachedNot affected
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)memcachedNot affected
Red Hat Mobile Application Platform 4memcachedNot affected
Red Hat OpenStack Platform 10 (Newton)memcachedNot affected
Red Hat OpenStack Platform 8 (Liberty)memcachedNot affected
Red Hat OpenStack Platform 9 (Mitaka)memcachedWill not fix
Red Hat Enterprise Linux 7memcachedFixedRHSA-2016:281923.11.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-190->CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1390512memcached: SASL authentication remote code execution

EPSS

Процентиль: 99%
0.68629
Средний

8.1 High

CVSS3

6.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-8706

CVSS3: 8.1
ubuntu
больше 8 лет назад

An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.

nvd логотип

CVE-2016-8706

CVSS3: 8.1
nvd
больше 8 лет назад

An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.

debian логотип

CVE-2016-8706

CVSS3: 8.1
debian
больше 8 лет назад

An integer overflow in process_bin_sasl_auth function in Memcached, wh ...

github логотип

GHSA-xj8f-h9rc-62vh

CVSS3: 8.1
github
больше 3 лет назад

An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.

suse-cvrf логотип

openSUSE-SU-2016:2841-1

suse-cvrf
почти 9 лет назад

Security update for memcached

EPSS

Процентиль: 99%
0.68629
Средний

8.1 High

CVSS3

6.8 Medium

CVSS2