oss-sec mailing list archives
Memcached 1.4.32 and earlier buffer overflow.
From: dormando <dormando () rydia net>
Date: Mon, 31 Oct 2016 15:35:41 -0700 (PDT)
Release notes with tarball here: https://github.com/memcached/memcached/wiki/ReleaseNotes1433 Copy/paste from the relase notes: Serious remote code execution bugs are fixed in this release. The bugs are related to the binary protocol as well as SASL authentication of the binary protocol. If you do not use the binary protocol at all, a workaround is to start memcached with -B ascii - otherwise you will need the patch in this release. The diff may apply cleanly to older versions as the affected code has not changed in a long time. Full details of the issues may be found here: http://blog.talosintel.com/2016/10/memcached-vulnerabilities.html In summary: two binary protocol parsing errors, and a SASL authentication parsing error allows buffer overflows of keys into arbitrary memory space. With enough work undesireable effects are possible. CVE's were requested and assigned by the reporter. I unfortunately don't have them handy :( -Dormando
Current thread:
- Memcached 1.4.32 and earlier buffer overflow. dormando (Oct 31)
- Re: Memcached 1.4.32 and earlier buffer overflow. Andrej Nemec (Nov 01)