Comment # 1 on bug 1007866 from
Reference: http://seclists.org/oss-sec/2016/q4/292
===================================================================
As per the Talos page, there seem to be three issues.

CVE-2016-8704 - Memcached server append/prepend remote code execution
vulnerability

An integer overflow in the process_bin_append_prepend function which is
responsible for processing multiple commands of Memcached binary
protocol can be abused to cause heap overflow and lead to remote code
execution.

http://www.talosintelligence.com/reports/TALOS-2016-0219/

CVE-2016-8705 - Memcached server update remote code execution vulnerability

Multiple integer overflows in the process_bin_update function which is
responsible for processing multiple commands of Memcached binary
protocol can be abused to cause heap overflow and lead to remote code
execution.

http://www.talosintelligence.com/reports/TALOS-2016-0220/

CVE-2016-8706 - Memcached server SASL authentication remote code
execution vulnerability

An integer overflow in the process_bin_sasl_auth function which is
responsible for authentication commands of Memcached binary protocol can
be abused to cause heap overflow and lead to remote code execution.

http://www.talosintelligence.com/reports/TALOS-2016-0221/

There is also a Talos blog post about these issues:

http://blog.talosintel.com/2016/10/memcached-vulnerabilities.html

Thanks for sharing!
===================================================================
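
Added example (not part of the comment above or the quoted post, and not memcached's own code): the three issues are integer overflows in binary-protocol command handling, so this sketch shows a defensive check that validates a request header's length fields against each other before any size is derived from them. The field offsets follow the 24-byte binary-protocol request header; the function name, struct, size cap and sample headers are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define BIN_HDR_LEN   24              /* fixed request header size */
#define BIN_REQ_MAGIC 0x80            /* request magic byte */
#define MAX_VALUE_LEN (1024u * 1024u) /* assumed cap for this example */

/* Hypothetical container for the header's length fields. */
struct bin_lengths {
    uint16_t keylen;   /* header bytes 2-3 */
    uint8_t  extlen;   /* header byte 4 */
    uint32_t bodylen;  /* header bytes 8-11: extras + key + value */
    uint32_t vlen;     /* derived value length */
};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Returns 0 and fills *out if the lengths are consistent, -1 otherwise. */
int check_bin_lengths(const uint8_t *hdr, size_t n, struct bin_lengths *out) {
    if (n < BIN_HDR_LEN || hdr[0] != BIN_REQ_MAGIC)
        return -1;
    out->keylen  = (uint16_t)((hdr[2] << 8) | hdr[3]);
    out->extlen  = hdr[4];
    out->bodylen = be32(hdr + 8);

    /* Sum in a wider type and compare before subtracting, so nothing wraps. */
    uint64_t fixed = (uint64_t)out->keylen + out->extlen;
    if (fixed > out->bodylen)
        return -1;   /* bodylen - fixed would be negative */
    out->vlen = out->bodylen - (uint32_t)fixed;
    if (out->vlen > MAX_VALUE_LEN)
        return -1;   /* reject before any allocation size is derived */
    return 0;
}

/* Constructed sample headers, opcode 0x0e (append); unlisted bytes are zero. */
const uint8_t sample_ok[BIN_HDR_LEN]   = {0x80, 0x0e, 0x00, 0x03, 0, 0, 0, 0, 0x00, 0x00, 0x00, 0x08};
const uint8_t sample_bad[BIN_HDR_LEN]  = {0x80, 0x0e, 0x00, 0x10, 0, 0, 0, 0, 0x00, 0x00, 0x00, 0x08};
const uint8_t sample_huge[BIN_HDR_LEN] = {0x80, 0x0e, 0x00, 0x03, 0, 0, 0, 0, 0xff, 0xff, 0xff, 0xff};

int main(void) {
    struct bin_lengths l;
    printf("ok=%d\n",   check_bin_lengths(sample_ok,   BIN_HDR_LEN, &l));
    printf("bad=%d\n",  check_bin_lengths(sample_bad,  BIN_HDR_LEN, &l));
    printf("huge=%d\n", check_bin_lengths(sample_huge, BIN_HDR_LEN, &l));
    return 0;
}
```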

