Bug ID 1007866
Summary Memcached: 1.4.32 and earlier buffer overflow
Classification openSUSE
Product openSUSE Distribution
Version Leap 42.1
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter mikhail.kasimov@gmail.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker ---

Reference: [1] http://seclists.org/oss-sec/2016/q4/290

[1]:
===================================================
Release notes with tarball here:
https://github.com/memcached/memcached/wiki/ReleaseNotes1433

Copy/paste from the relase notes:
Serious remote code execution bugs are fixed in this release.

The bugs are related to the binary protocol as well as SASL authentication
of the binary protocol.

If you do not use the binary protocol at all, a workaround is to start
memcached with -B ascii - otherwise you will need the patch in this
release.

The diff may apply cleanly to older versions as the affected code has not
changed in a long time.

Full details of the issues may be found here:
http://blog.talosintel.com/2016/10/memcached-vulnerabilities.html

In summary: two binary protocol parsing errors, and a SASL authentication
parsing error allows buffer overflows of keys into arbitrary memory
space. With enough work undesireable effects are possible.

CVE's were requested and assigned by the reporter. I unfortunately don't
have them handy :(

-Dormando
===================================================

[2] https://software.opensuse.org/package/memcached

[2]:
===================================================
TW: 1.4.25
42.1: 1.4.22
13.2: 1.4.20
network:utilities repo: 1.4.25
server:php:extensions repo: 1.4.25
filesystems:openATTIC repo: 1.4.25
===================================================


You are receiving this mail because: