Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1390512 - (CVE-2016-8706) CVE-2016-8706 memcached: SASL authentication remote code execution
CVE-2016-8706 memcached: SASL authentication remote code execution
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20161031,repor...
: Security
Depends On: 1390513 1390514 1391262 1391263 1392273 1392274
Blocks: 1390516 1393126
  Show dependency treegraph
 
Reported: 2016-11-01 05:43 EDT by Andrej Nemec
Modified: 2016-11-24 00:58 EST (History)
30 users (show)

See Also:
Fixed In Version: memcached 1.4.33
Doc Type: If docs needed, set a value
Doc Text:
An integer overflow flaw, leading to a heap-based buffer overflow, was found in memcached's parsing of SASL authentication messages. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-11-24 00:58:07 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2819 normal SHIPPED_LIVE Important: memcached security update 2016-11-23 07:47:52 EST

  None (edit)
Description Andrej Nemec 2016-11-01 05:43:39 EDT 
An integer overflow in process_bin_sasl_auth function which is
responsible for authentication commands of Memcached binary protocol can
be abused to cause heap overflow and lead to remote code execution.

External References:

http://www.talosintelligence.com/reports/TALOS-2016-0221/

Upstream patch:

https://github.com/memcached/memcached/commit/bd578fc34b96abe0f8d99c1409814a09f51ee71c
Comment 1 Andrej Nemec 2016-11-01 05:45:11 EDT 
Created memcached tracking bugs for this issue:

Affects: fedora-all [bug 1390513]
Affects: epel-5 [bug 1390514]
Comment 2 Doran Moppert 2016-11-02 02:56:11 EDT 
This flaw requires memcached compiled with SASL authentication enabled, as is the case for Red Hat Enterprise Linux 7.3.

Red Hat Enterprise Linux 7.2 and 6.x memcached packages are compiled without SASL support, so they are not affected.
Comment 10 Doran Moppert 2016-11-08 17:42:01 EST 
Mitigation:

This flaw requires memcached to be running with SASL authentication enabled, which is not the default setting. If your memcached instances are running without the "-S" command-line option, they are not vulnerable.
Comment 12 errata-xmlrpc 2016-11-23 02:49:33 EST 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:2819 https://rhn.redhat.com/errata/RHSA-2016-2819.html
Comment 13 Garth Mollett 2016-11-24 00:54:41 EST 
Statement:

The version of memcached as shipped with Red Hat OpenStack Platform 9 is affected by this issue however will not be updated. The latest version of memcached from Red Hat Enterprise Linux 7 can safely be allowed to supersede the earlier versions provided in the Red Hat OpenStack Platform channels.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.