CVE-2016-8706

Title:

MEMCACHED SERVER SASL AUTHENTICATION REMOTE CODE EXECUTION VULNERABILITY

CVE ID:

CVE-2016-8706

Description:

An integer overflow flaw, leading to a heap-based buffer overflow, was found in memcached’s parsing of SASL authentication messages. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code.


Find out more about CVE-2016-8706 from the MITRE CVE dictionary and NIST NVD.

Mitigation:

This flaw requires memcached to be running with SASL authentication enabled, which is not the default setting. If your memcached instances are running without the “-S” command-line option, they are not vulnerable.
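
One way to check hosts for the condition described above, as an added example that is not part of the original advisory or the memcached project: the function walks a memcached command line the way getopt would, so "-S" bundled with other flags (such as "-vS") is caught and an "S" inside another option's value (such as "-u Sam") is not. The function names, the VALUE_OPTS list of value-taking options and the /proc scan are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the advisory. Assumption: VALUE_OPTS holds the short
# options that consume a value; confirm against `memcached -h` for your build.
VALUE_OPTS="apsUmcluPfntDRbBIo"

# memcached_sasl_enabled OPTION... -> status 0 if SASL is on, 1 otherwise.
# Pass the options only (argv without the program name).
memcached_sasl_enabled() {
    skip=0
    for arg in "$@"; do
        if [ "$skip" -eq 1 ]; then skip=0; continue; fi  # value of previous option
        case "$arg" in
            --enable-sasl) return 0 ;;   # long form of -S in newer releases
            --*|-|[!-]*) continue ;;     # other long options and bare words
        esac
        cluster=${arg#-}                 # "-vS" -> "vS"
        while [ -n "$cluster" ]; do
            rest=${cluster#?}
            letter=${cluster%"$rest"}
            if [ "$letter" = "S" ]; then return 0; fi
            case "$VALUE_OPTS" in
                *"$letter"*)             # value is the rest, or the next argument
                    if [ -z "$rest" ]; then skip=1; fi
                    break ;;
            esac
            cluster=$rest
        done
    done
    return 1
}

# Linux only: check every running memcached through /proc.
# Arguments that contain whitespace are split; acceptable for this check.
scan_running_memcached() {
    for f in /proc/[0-9]*/cmdline; do
        [ -r "$f" ] || continue
        set -f; set -- $(tr '\0' ' ' 2>/dev/null < "$f"); set +f
        [ "${1##*/}" = "memcached" ] || continue
        shift
        pid=${f#/proc/}; pid=${pid%/cmdline}
        if memcached_sasl_enabled "$@"; then state="enabled (-S)"; else state="not enabled"; fi
        echo "pid $pid: SASL $state"
    done
}

scan_running_memcached
```

Run it as a user allowed to read other processes' /proc entries; service files and init scripts that start memcached can be checked by passing their option strings to memcached_sasl_enabled.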

External References:

http://www.talosintelligence.com/reports/TALOS-2016-0221/
