An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
memcached memcached |
Facebook, Twitter, YouTube, Reddit among big ticket sites possibly affected
A remote code execution vulnerability in popular website backend performance tool Memcached has been found and squashed. Cisco penetration tester Aleksandar Nikolich reported three remote code execution holes in the tool used by big name sites including Facebook, Twitter, YouTube, and Reddit to help decrease database burdens and increase performance. Nikolich says the flaws can compromise the many sites that expose Memcache servers to the internet. He says attackers can further use the vulnerabi...