SB2018032206 - SUSE Linux update for memcached
Published: March 22, 2018
Description
This security bulletin contains information about 9 security vulnerabilities.
1) Buffer access with incorrect length value (CVE-ID: CVE-2011-4971)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions due to a large body length value in a packet. A remote attacker can trigger memory corruption and cause the service to crash.
2) Buffer over-read (CVE-ID: CVE-2013-0179)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to a boundary error in the process_bin_delete function when running in verbose mode. A remote attacker can cause the service to crash via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr.
3) Improper authentication (CVE-ID: CVE-2013-7239)
The vulnerability allows a remote attacker to bypass authentication on the target system.
The weakness exists because wrong credentials are allowed access. A remote attacker can send an invalid request with SASL credentials, then send another request with incorrect SASL credentials and bypass authentication.
4) Buffer over-read (CVE-ID: CVE-2013-7290)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the do_item_get function in items.c due to a boundary error when running in verbose mode. A remote attacker can cause the service to crash via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr.
5) Memory corruption (CVE-ID: CVE-2013-7291)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to a boundary error when running in verbose mode. A remote attacker can submit a specially crafted request that triggers an "unbounded key print" during logging, related to an issue that was "quickly grepped out of the source tree", and cause the service to crash.
6) Heap-based buffer overflow (CVE-ID: CVE-2016-8704)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists in the process_bin_append_prepend() function due to integer overflow. A remote attacker can send specially crafted Memcached binary protocol commands, trigger heap-based buffer overflow and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
7) Heap-based buffer overflow (CVE-ID: CVE-2016-8705)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists in the process_bin_update() function due to integer overflow. A remote attacker can send specially crafted Memcached binary protocol commands, trigger heap-based buffer overflow and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
8) Heap-based buffer overflow (CVE-ID: CVE-2016-8706)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists in the process_bin_sasl_auth() function due to integer overflow. A remote attacker can send specially crafted Memcached binary protocol commands, trigger heap-based buffer overflow and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
9) Buffer over-read (CVE-ID: CVE-2017-9951)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the try_read_command function in memcached.c in memcached before 1.4.39. A remote attacker can perform a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read.
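Items 1 and 6 to 8 above all involve length values taken from a binary protocol request. The following is an added example, not memcached's code and not part of the bulletin, of the consistency check a parser needs before it uses those fields. The 24-byte header layout is that of the memcached binary protocol; `MAX_BODY_LEN`, the function names and the sample headers are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define BIN_HEADER_LEN 24u
#define BIN_MAGIC_REQUEST 0x80u
/* Assumption for this example: a deployment-chosen cap on request bodies. */
#define MAX_BODY_LEN (1024u * 1024u)

enum hdr_status { HDR_OK, HDR_SHORT, HDR_BAD_MAGIC, HDR_BODY_TOO_LARGE, HDR_LEN_MISMATCH };

/* Validate a request header's length fields; on HDR_OK, *vlen is the value length.
 * Arithmetic is unsigned and the subtraction is guarded, so it cannot wrap. */
enum hdr_status check_bin_header(const uint8_t *buf, size_t n, uint32_t *vlen)
{
    if (buf == NULL || vlen == NULL || n < BIN_HEADER_LEN)
        return HDR_SHORT;
    if (buf[0] != BIN_MAGIC_REQUEST)
        return HDR_BAD_MAGIC;
    /* Big-endian fields: key length at bytes 2-3, extras length at 4, body length at 8-11. */
    uint32_t keylen = ((uint32_t)buf[2] << 8) | buf[3];
    uint32_t extlen = buf[4];
    uint32_t bodylen = ((uint32_t)buf[8] << 24) | ((uint32_t)buf[9] << 16) |
                       ((uint32_t)buf[10] << 8) | buf[11];
    if (bodylen > MAX_BODY_LEN)
        return HDR_BODY_TOO_LARGE;  /* oversized body length value */
    if (keylen + extlen > bodylen)
        return HDR_LEN_MISMATCH;    /* value length would come out negative */
    *vlen = bodylen - (keylen + extlen);
    return HDR_OK;
}

/* Check a constructed header; returns the value length or the negated hdr_status. */
long value_len_for(uint16_t keylen, uint8_t extlen, uint32_t bodylen)
{
    uint8_t h[BIN_HEADER_LEN] = { BIN_MAGIC_REQUEST, 0x01 };
    uint32_t vlen = 0;
    h[2] = (uint8_t)(keylen >> 8); h[3] = (uint8_t)keylen; h[4] = extlen;
    h[8] = (uint8_t)(bodylen >> 24); h[9] = (uint8_t)(bodylen >> 16);
    h[10] = (uint8_t)(bodylen >> 8); h[11] = (uint8_t)bodylen;
    enum hdr_status st = check_bin_header(h, sizeof h, &vlen);
    return st == HDR_OK ? (long)vlen : -(long)st;
}

int main(void)
{
    printf("consistent: %ld\n", value_len_for(3, 8, 16));
    printf("key+extras > body: %ld\n", value_len_for(200, 8, 16));
    printf("oversized body: %ld\n", value_len_for(3, 8, 0xFFFFFFF0u));
    return 0;
}
```

A request that fails this check should be rejected and the connection closed before any buffer is sized or copied from the header's lengths.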
Remediation
Install the update from the vendor's website.