RCE in Memcached

240 views
Skip to first unread message

abduladil02

unread,
Nov 2, 2016, 11:02:01 PM11/2/16
to Security News

Three new vulnerabilities have been found in popular cache system for web apps

CVSS Score: 9.8 [CRITICAL]
  • CVE-2016-8704: Memcached Server Append/Prepend Remote Code Execution Vulnerability   CVSS: 9.8
  • CVE-2016-8705: Memcached Server Update Remote Code Execution Vulnerability  CVSS: 8.1
  • CVE-2016-8706: Memcached Server SASL Authentication Remote Code Execution Vulnerability CVSS: 9.8
    •  
Impact:If exploited, the vulnerabilities could allow attackers to send repeat specifically-crafted Memcached commands to the targeted servers.

Affects:
  1. The integer overflow flaws in Memcached affect Memcached version 1.4.31 and earlier.

Fix: Memcached released patch on 31st OCT 2016
Link:

Jassi

unread,
Nov 7, 2016, 5:35:13 AM11/7/16
to Security News
This is interesting. Thanks for sharing Abdul
Reply all
Reply to author
Forward
0 new messages