PublicDateAtUSN: 2016-11-02
Candidate: CVE-2016-8706
PublicDate: 2017-01-06 21:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8706
 http://blog.talosintel.com/2016/10/memcached-vulnerabilities.html
 http://www.talosintelligence.com/reports/TALOS-2016-0221/
 https://github.com/memcached/memcached/wiki/ReleaseNotes1433
 https://ubuntu.com/security/notices/USN-3120-1
Description:
 An integer overflow in process_bin_sasl_auth function in Memcached, which
 is responsible for authentication commands of Memcached binary protocol,
 can be abused to cause heap overflow and lead to remote code execution.
Ubuntu-Description:
Notes:
Bugs:
Priority: high
Discovered-by: Aleksandar Nikolic
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H [8.1 HIGH]

Patches_memcached:
 upstream: https://github.com/memcached/memcached/commit/bd578fc34b96abe0f8d99c1409814a09f51ee71c
upstream_memcached: released (1.4.33)
precise_memcached: released (1.4.13-0ubuntu2.2)
trusty_memcached: released (1.4.14-0ubuntu9.1)
trusty/esm_memcached: DNE (trusty was released [1.4.14-0ubuntu9.1])
vivid/stable-phone-overlay_memcached: DNE
vivid/ubuntu-core_memcached: DNE
xenial_memcached: released (1.4.25-2ubuntu1.2)
esm-infra/xenial_memcached: released (1.4.25-2ubuntu1.2)
yakkety_memcached: released (1.4.25-2ubuntu2.1)
devel_memcached: released (1.4.25-2ubuntu3)