Jul 19, 2020 - 12:49 a.m.

Security Bulletin: Vulnerability in memcached affects SmartCloud Entry (CVE-2016-8704, CVE-2016-8705)

www.ibm.com

EPSS: 0.867 (High), percentile 98.6%

Summary

A heap-based buffer overflow has been identified in memcached shipped with SmartCloud Entry.

Vulnerability Details

CVEID: CVE-2016-8704
DESCRIPTION: Memcached is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the process_bin_append_prepend function. By using a specially-crafted command, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118447 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-8705
DESCRIPTION: Memcached is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the process_bin_update function. By using a specially-crafted command, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118453 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM SmartCloud Entry 3.1.0 through 3.1.0.4 Appliance fix pack 23,
IBM SmartCloud Entry 3.2.0 through 3.2.0.4 Appliance fix pack 23

Remediation/Fixes

Product | VRMF | APAR | Remediation/First Fix
—|—|—|—
SmartCloud Entry | 3.1 | None | IBM SmartCloud Entry 3.1.0 Appliance Fixpack 24: http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=3.1.0.4-IBM-SCE_APPL-FP24&source=SAR
SmartCloud Entry | 3.2 | None | IBM SmartCloud Entry 3.2.0 Appliance Fixpack 24: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=3.2.0.4-IBM-SCE_APPL-FP24&source=SAR&function=fixId&parent=ibm/Other%20software

Workarounds and Mitigations

None.