Oracle Linux CVE-2016-8705

Title:

MEMCACHED SERVER UPDATE REMOTE CODE EXECUTION VULNERABILITY

CVE ID:

CVE-2016-8705

Description:

The MITRE CVE dictionary describes this issue as:

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code.

Find out more about CVE-2016-8705 from the MITRE CVE dictionary and NIST NVD.

CVSSV3 SCORE:

9.8 – CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Mitigation:

This flaw is in the memcached binary protocol. If your client programs only use the ASCII protocol when communicating with memcached, you can disable the binary protocol and protect against this flaw by adding “-B ascii” to OPTIONS in /etc/sysconfig/memcached.

External References:


http://www.talosintelligence.com/reports/TALOS-2016-0220/
https://access.redhat.com/security/cve/cve-2016-8705

Share This:
Facebooktwittergoogle_plusredditpinterestlinkedintumblr