Bugs in Memcached allow remote code execution

Posted on Posted in Memcached

Decription: The bugs are related to the binary protocol as well as SASL authentication of the binary protocol.

These vulnerabilities manifest in various Memcached functions that are used in inserting, appending, prepending, or modifying key-value data pairs. Systems which also have Memcached compiled with support for SASL authentication are also vulnerable to a third flaw due to how Memcached handles SASL authentication commands

Changes:

Affected versions: All prior to memcached v.1.4.33

Recommended action: Upgrade to the latest version

Origin URLs:

Leave a Reply

Your email address will not be published. Required fields are marked *