1
PublicDateAtUSN: 2016-11-02
2
Candidate: CVE-2016-8706
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8706
6
http://blog.talosintel.com/2016/10/memcached-vulnerabilities.html
7
http://www.talosintelligence.com/reports/TALOS-2016-0221/
8
https://github.com/memcached/memcached/wiki/ReleaseNotes1433
9
https://usn.ubuntu.com/usn/usn-3120-1
11
An integer overflow in process_bin_sasl_auth function in Memcached, which
12
is responsible for authentication commands of Memcached binary protocol,
13
can be abused to cause heap overflow and lead to remote code execution.
18
Discovered-by: Aleksandar Nikolic
22
upstream: https://github.com/memcached/memcached/commit/bd578fc34b96abe0f8d99c1409814a09f51ee71c
23
upstream_memcached: released (1.4.33)
24
precise_memcached: released (1.4.13-0ubuntu2.2)
25
trusty_memcached: released (1.4.14-0ubuntu9.1)
26
vivid/stable-phone-overlay_memcached: DNE
27
vivid/ubuntu-core_memcached: DNE
28
xenial_memcached: released (1.4.25-2ubuntu1.2)
29
yakkety_memcached: released (1.4.25-2ubuntu2.1)
30
devel_memcached: released (1.4.25-2ubuntu3)