ArchLinux: 201611-1: memcached: arbitrary code execution
Summary
- CVE-2016-8704 (arbitrary code execution)
An integer overflow in the process_bin_append_prepend function, which is
responsible for processing multiple commands of the Memcached binary
protocol, can be abused to cause a heap overflow and lead to remote code
execution.
- CVE-2016-8705 (arbitrary code execution)
Multiple integer overflows in the process_bin_update function, which is
responsible for processing multiple commands of the Memcached binary
protocol, can be abused to cause a heap overflow and lead to remote code
execution.
- CVE-2016-8706 (arbitrary code execution)
An integer overflow in the process_bin_sasl_auth function, which is
responsible for authentication commands of the Memcached binary protocol,
can be abused to cause a heap overflow and lead to remote code execution.
Resolution
Upgrade to 1.4.32-1.
# pacman -Syu "memcached>=1.4.32-1"
The problems have been fixed upstream in version 1.4.32.
References
https://talosintelligence.com/vulnerability_reports/TALOS-2016-0219/
https://talosintelligence.com/vulnerability_reports/TALOS-2016-0220/
https://talosintelligence.com/vulnerability_reports/TALOS-2016-0221/
https://blog.talosintelligence.com/memcached-vulnerabilities/
https://github.com/memcached/memcached/wiki/ReleaseNotes1433
https://access.redhat.com/security/cve/CVE-2016-8704
https://access.redhat.com/security/cve/CVE-2016-8705
https://access.redhat.com/security/cve/CVE-2016-8706
Workaround
If you do not use the binary protocol at all, a workaround is to start memcached with "-B ascii" to disable it.
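
A way to check a host against the Resolution and Workaround sections above, as an added example that is not part of the original advisory. The function names and the patched / mitigated / exposed labels are assumptions of this sketch, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: classify a memcached instance against this advisory.
FIXED_VERSION="1.4.32-1"   # fixed package version, from the Resolution section

# version_ge A B: succeed if A >= B. Assumes purely numeric fields
# separated by "." or "-" (for example 1.4.32-1); compares numerically.
version_ge() {
    a=$1 b=$2
    old_ifs=$IFS; IFS=.-
    set -- $a; a1=${1:-0} a2=${2:-0} a3=${3:-0} a4=${4:-0}
    set -- $b; b1=${1:-0} b2=${2:-0} b3=${3:-0} b4=${4:-0}
    IFS=$old_ifs
    for pair in "$a1:$b1" "$a2:$b2" "$a3:$b3" "$a4:$b4"; do
        x=${pair%%:*} y=${pair##*:}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# binary_protocol_disabled ARGS...: succeed if the daemon's arguments
# contain the workaround "-B ascii" (or the attached form "-Bascii").
binary_protocol_disabled() {
    prev=
    for arg in "$@"; do
        [ "$arg" = "-Bascii" ] && return 0
        [ "$prev" = "-B" ] && [ "$arg" = "ascii" ] && return 0
        prev=$arg
    done
    return 1
}

# assess PKGVER ARGS...: print patched, mitigated or exposed.
assess() {
    ver=$1; shift
    if version_ge "$ver" "$FIXED_VERSION"; then echo patched
    elif binary_protocol_disabled "$@"; then echo mitigated
    else echo exposed
    fi
}

# Constructed sample inputs (not taken from a real host). On an Arch host
# the version would come from: pacman -Q memcached | cut -d' ' -f2
assess 1.4.31-1 -m 64 -p 11211     # exposed
assess 1.4.31-1 -m 64 -B ascii     # mitigated
assess 1.4.32-1 -m 64 -p 11211     # patched
```

After upgrading, restart the memcached service: a daemon started before the upgrade keeps running the old binary, so the package version alone does not show that the running process is fixed.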