Arch Linux Security Advisory ASA-201611-1
=========================================

Severity: Critical
Date    : 2016-11-01
CVE-ID  : CVE-2016-8704 CVE-2016-8705 CVE-2016-8706
Package : memcached
Type    : arbitrary code execution
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package memcached before version 1.4.32-1 is vulnerable to arbitrary
code execution.

Resolution
==========

Upgrade to 1.4.32-1.

# pacman -Syu "memcached>=1.4.32-1"

The problems have been fixed upstream in version 1.4.32.

Workaround
==========

If you do not use the binary protocol at all, a workaround is to start
memcached with "-B ascii" to disable it.

Description
===========

- CVE-2016-8704 (arbitrary code execution)

An integer overflow in the process_bin_append_prepend function, which is
responsible for processing multiple commands of the Memcached binary
protocol, can be abused to cause a heap overflow and lead to remote code
execution.

- CVE-2016-8705 (arbitrary code execution)

Multiple integer overflows in the process_bin_update function, which is
responsible for processing multiple commands of the Memcached binary
protocol, can be abused to cause a heap overflow and lead to remote code
execution.

- CVE-2016-8706 (arbitrary code execution)

An integer overflow in the process_bin_sasl_auth function, which is
responsible for authentication commands of the Memcached binary protocol,
can be abused to cause a heap overflow and lead to remote code execution.

Impact
======

A remote unauthenticated attacker can execute arbitrary code on the
affected host.

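The following script is an added example, not part of the advisory: it checks a
host against the Resolution and Workaround sections above. The function names
are hypothetical, and the sort -V fallback is an assumption used only where
pacman's vercmp is not available.

```shell
#!/bin/sh
# Added example: audit a host against ASA-201611-1 (not part of the advisory).
FIXED="1.4.32-1"   # first fixed package version, taken from the advisory

# version_is_fixed VERSION: succeeds when VERSION >= FIXED.
version_is_fixed() {
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$FIXED")" -ge 0 ]      # pacman's own comparison
    else
        # Assumption: sort -V orders these epoch-less versions like vercmp.
        [ "$(printf '%s\n%s\n' "$FIXED" "$1" | sort -V | head -n 1)" = "$FIXED" ]
    fi
}

# binary_protocol_disabled CMDLINE: succeeds when the command line carries the
# advisory's workaround, written as "-B ascii" or "-Bascii".
binary_protocol_disabled() {
    prev=""
    for arg in $1; do
        if [ "$arg" = "-Bascii" ]; then return 0; fi
        if [ "$prev" = "-B" ] && [ "$arg" = "ascii" ]; then return 0; fi
        prev="$arg"
    done
    return 1
}

# assess VERSION CMDLINE: prints patched, mitigated or vulnerable.
assess() {
    if version_is_fixed "$1"; then echo patched
    elif binary_protocol_disabled "$2"; then echo mitigated
    else echo vulnerable
    fi
}

# audit_host: apply assess to the installed package and each running daemon.
audit_host() {
    ver=$(pacman -Q memcached 2>/dev/null | awk '{print $2}')
    [ -n "$ver" ] || { echo "memcached is not installed"; return 0; }
    pgrep -a -x memcached | while read -r pid cmd; do
        echo "pid $pid (package $ver): $(assess "$ver" "$cmd")"
    done
}

if command -v pacman >/dev/null 2>&1; then audit_host; fi
```

The check reads the installed package version, so a daemon started before the
upgrade still runs the old binary until memcached is restarted.
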
References
==========

http://www.talosintelligence.com/reports/TALOS-2016-0219/
http://www.talosintelligence.com/reports/TALOS-2016-0220/
http://www.talosintelligence.com/reports/TALOS-2016-0221/
http://blog.talosintel.com/2016/10/memcached-vulnerabilities.html
https://github.com/memcached/memcached/wiki/ReleaseNotes1433
https://access.redhat.com/security/cve/CVE-2016-8704
https://access.redhat.com/security/cve/CVE-2016-8705
https://access.redhat.com/security/cve/CVE-2016-8706