AVG-55 log
| Package | memcached |
| Status | Fixed |
| Severity | Critical |
| Type | arbitrary code execution |
| Affected | 1.4.31-1 |
| Fixed | 1.4.32-1 |
| Current | 1.6.21-2 [extra] |
| Ticket | None |
| Created | Tue Nov 1 08:57:25 2016 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2016-8706 | Critical | Yes | Arbitrary code execution | An integer overflow in process_bin_sasl_auth function which is responsible for authentication commands of Memcached binary protocol can be abused to cause... |
| CVE-2016-8705 | Critical | Yes | Arbitrary code execution | Multiple integer overflows in process_bin_update function which is responsible for processing multiple commands of Memcached binary protocol can be abused... |
| CVE-2016-8704 | Critical | Yes | Arbitrary code execution | An integer overflow in the process_bin_append_prepend function which is responsible for processing multiple commands of Memcached binary protocol can be... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 01 Nov 2016 | ASA-201611-1 | memcached | arbitrary code execution |
| Notes |
|---|
"If you do not use the binary protocol at all, a workaround is to start memcached with -B ascii - otherwise you will need the patch in this release." |