http://bugzilla.opensuse.org/show_bug.cgi?id=1007866
http://bugzilla.opensuse.org/show_bug.cgi?id=1007866#c1
--- Comment #1 from Mikhail Kasimov ---
Reference: http://seclists.org/oss-sec/2016/q4/292
===================================================================
As per the Talos page, there seem to be three issues.

CVE-2016-8704 - Memcached server append/prepend remote code execution vulnerability
An integer overflow in the process_bin_append_prepend function which is
responsible for processing multiple commands of Memcached binary
protocol can be abused to cause heap overflow and lead to remote code
execution.
http://www.talosintelligence.com/reports/TALOS-2016-0219/

CVE-2016-8705 - Memcached server update remote code execution vulnerability
Multiple integer overflows in process_bin_update function which is
responsible for processing multiple commands of Memcached binary
protocol can be abused to cause heap overflow and lead to remote code
execution.
http://www.talosintelligence.com/reports/TALOS-2016-0220/

CVE-2016-8706 - Memcached server SASL authentication remote code execution vulnerability
An integer overflow in process_bin_sasl_auth function which is
responsible for authentication commands of Memcached binary protocol can
be abused to cause heap overflow and lead to remote code execution.
http://www.talosintelligence.com/reports/TALOS-2016-0221/

There is also a Talos blog post about these issues:
http://blog.talosintel.com/2016/10/memcached-vulnerabilities.html

Thanks for sharing!
===================================================================
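The bug class named in the comment above (an integer overflow in length arithmetic that leads to a heap overflow), as an added example that is not memcached's code and is not taken from the Talos reports. It models a binary-protocol request whose total body length is declared as the sum of extras, key and value; the struct, the function names, the 2-byte trailer and the 1 MiB limit are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define TRAILER_LEN 2u               /* assumed per-item trailer */
#define MAX_VALUE   (1024u * 1024u)  /* assumed upper bound on a value */

/* Length fields taken from an untrusted request header (hypothetical model). */
struct req_lengths {
    uint16_t key_len;     /* key length */
    uint8_t  extras_len;  /* extras length */
    uint32_t body_len;    /* declared total: extras + key + value */
};

/* Weak pattern: trusts that body_len >= key_len + extras_len.
 * If it is not, the unsigned subtraction wraps to a huge value. */
static uint32_t value_len_unchecked(const struct req_lengths *h) {
    return h->body_len - h->key_len - h->extras_len;
}

/* The wrapped value then makes the allocation size wrap back to a tiny
 * number, while later copies still use the huge length: heap overflow. */
static uint32_t alloc_size_unchecked(const struct req_lengths *h) {
    return (uint32_t)h->key_len + value_len_unchecked(h) + TRAILER_LEN;
}

/* Hardened pattern: validate the header before doing any arithmetic.
 * Returns 0 and stores the value length, or -1 to reject the request. */
static int value_len_checked(const struct req_lengths *h, uint32_t *out) {
    uint32_t overhead = (uint32_t)h->key_len + h->extras_len; /* <= 65790 */
    if (h->body_len < overhead)
        return -1;                    /* inconsistent header */
    if (h->body_len - overhead > MAX_VALUE)
        return -1;                    /* value larger than allowed */
    *out = h->body_len - overhead;
    return 0;
}

int main(void) {
    /* Constructed header: 2-byte key but a declared body length of 0. */
    struct req_lengths bad = { 2, 0, 0 };
    uint32_t v = 0;
    printf("unchecked value length: %u\n", (unsigned)value_len_unchecked(&bad));
    printf("unchecked alloc size:   %u\n", (unsigned)alloc_size_unchecked(&bad));
    printf("checked result:         %d\n", value_len_checked(&bad, &v));
    return 0;
}
```

Rejecting the header before any subtraction keeps every later size computation within known bounds.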