
[Vulnerability notice] CVE-2016-8704/8705/8706: Multiple remote code execution vulnerabilities in all Memcached versions

Last Updated: Apr 08, 2018

On October 31, 2016, the Memcached project released version 1.4.33 to fix three remote code execution vulnerabilities reported by Cisco Talos. All three are integer overflows in the server's handling of binary-protocol requests (append/prepend, update commands such as set/add/replace, and SASL authentication) that lead to heap buffer overflows. An unauthenticated client that can reach the service can use them to run code in the memcached process, read the cached data, or crash the service (DoS). We recommend that you upgrade Memcached to the official version 1.4.33 or later.

See the following for more information about the vulnerabilities.


CVE identifier

CVE-2016-8704, CVE-2016-8705, CVE-2016-8706

Vulnerability name

  • CVE-2016-8704: Memcached Append and Prepend remote code execution vulnerability
  • CVE-2016-8705: Memcached Update remote code execution vulnerability
  • CVE-2016-8706: Memcached SASL authentication remote code execution vulnerability

Vulnerability rating

High

Vulnerability description

By sending a specially crafted binary-protocol request to the server, an attacker can corrupt the heap of the memcached process. Depending on the request, this allows remote code execution, disclosure of cached data, or a crash of the service (DoS), which seriously affects the services that depend on the cache.

Condition and method of exploitation

The attacker can reach the Memcached service port (11211 by default, TCP and UDP) over the network, for example because it is open to the Internet. Memcached performs no authentication in its default configuration, so network reachability is the only requirement for CVE-2016-8704 and CVE-2016-8705. CVE-2016-8706 only affects servers that were built with SASL support and started with SASL authentication enabled (`-S`); the flaw is in the authentication handler itself, so enabling SASL does not protect an unpatched server.

Affected scope

Memcached < 1.4.33

How to fix or mitigate

  • Upgrade Memcached to the official version 1.4.33 or later, restart the service, and confirm the running version (for example with `memcached -V` on the host, or by sending the text-protocol `version` command to the service port and checking that the reply is `VERSION 1.4.33` or newer).
  • If you cannot upgrade immediately, remove network exposure: bind Memcached to a private address (start it with `-l 127.0.0.1` or `-l <internal IP>`) and restrict port 11211 (TCP and UDP) to trusted client hosts with a security group or host firewall. Keep this restriction after upgrading, since a Memcached port reachable from untrusted networks is a risk on its own.
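The following script is an added example and is not part of this notice or of the Memcached project. It performs the version check described above: it sends the text-protocol `version` command (which exists in every Memcached release), parses the `VERSION x.y.z` reply, and flags any instance older than 1.4.33 as affected. The target list and the sample replies in `SAMPLE_REPLIES` are constructed for illustration; nothing in the script touches the vulnerable binary-protocol handlers.

```python
"""Triage Memcached instances against the 1.4.33 fix for CVE-2016-8704/8705/8706.

Added example; not code from the advisory or from the Memcached project.
"""
import socket
import sys

# First release that contains the fixes (affected scope: Memcached < 1.4.33).
FIXED_VERSION = (1, 4, 33)

# Constructed sample replies, as the text protocol returns them, for offline use.
SAMPLE_REPLIES = {
    "cache-1.internal": b"VERSION 1.4.32\r\n",   # affected
    "cache-2.internal": b"VERSION 1.4.33\r\n",   # fixed
    "cache-3.internal": b"VERSION 1.5.6\r\n",    # fixed
}


def parse_version_reply(reply: bytes) -> tuple:
    """Turn b'VERSION 1.4.33\\r\\n' into (1, 4, 33).

    Only the leading digits of each dotted component are used, so a suffix
    such as '1.4.33-rc1' still parses. Anything that is not a VERSION line
    raises ValueError (e.g. an ERROR reply from a non-Memcached listener).
    """
    text = reply.decode("ascii", errors="replace").strip()
    if not text.startswith("VERSION "):
        raise ValueError("unexpected reply: %r" % reply)
    parts = []
    for component in text.split(None, 1)[1].split("."):
        digits = ""
        for ch in component:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    if not parts:
        raise ValueError("no numeric version in reply: %r" % reply)
    return tuple(parts)


def is_affected(version: tuple) -> bool:
    """True when the version is older than 1.4.33 (tuple comparison is lexicographic)."""
    return version < FIXED_VERSION


def query_version(host: str, port: int = 11211, timeout: float = 3.0) -> bytes:
    """Send the text-protocol 'version' command and return the raw reply line."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"version\r\n")
        reply = b""
        while not reply.endswith(b"\r\n"):
            chunk = sock.recv(256)
            if not chunk:
                break
            reply += chunk
    return reply


def triage(replies: dict) -> dict:
    """Map host -> (version tuple, affected flag) for a dict of raw replies."""
    result = {}
    for host, reply in replies.items():
        version = parse_version_reply(reply)
        result[host] = (version, is_affected(version))
    return result


def assess_hosts(targets, port: int = 11211) -> dict:
    """Live check: query each host; unreachable hosts are reported as None."""
    replies = {}
    for host in targets:
        try:
            replies[host] = query_version(host, port)
        except (OSError, socket.timeout):
            replies[host] = None
    return {h: (None if r is None else (parse_version_reply(r), is_affected(parse_version_reply(r))))
            for h, r in replies.items()}


if __name__ == "__main__":
    # With no arguments, run against the constructed samples; otherwise query the given hosts.
    findings = assess_hosts(sys.argv[1:]) if len(sys.argv) > 1 else triage(SAMPLE_REPLIES)
    for host, finding in findings.items():
        if finding is None:
            print("%-20s unreachable" % host)
        else:
            version, affected = finding
            print("%-20s %-8s %s" % (host, ".".join(map(str, version)),
                                      "AFFECTED (< 1.4.33)" if affected else "ok"))
```

Run it with a list of hosts (`python3 check_memcached.py cache-1.internal cache-2.internal`) from a client that is allowed through the security group; a connection that succeeds from an untrusted network is itself a finding, whatever version is reported.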

Reference

[1]. http://seclists.org/oss-sec/2016/q4/290
[2]. http://blog.talosintel.com/2016/10/memcached-vulnerabilities.html
[3]. https://github.com/memcached/memcached/wiki/ReleaseNotes1433
[4]. http://www.talosintelligence.com/reports/TALOS-2016-0219/ (CVE-2016-8704, append/prepend)
[5]. http://www.talosintelligence.com/reports/TALOS-2016-0220/ (CVE-2016-8705, update)
[6]. http://www.talosintelligence.com/reports/TALOS-2016-0221/ (CVE-2016-8706, SASL authentication)
