RHEL 6 : memcached (RHSA-2016:2820)

High Nessus Plugin ID 95292


The remote Red Hat host is missing one or more security updates.


An update for memcached is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load.

Security Fix(es):

* Two integer overflow flaws, leading to heap-based buffer overflows, were found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code. (CVE-2016-8704, CVE-2016-8705)


Update the affected memcached, memcached-debuginfo and/or memcached-devel packages.


Plugin Details

Severity: High

ID: 95292

File Name: redhat-RHSA-2016-2820.nasl

Version: $Revision: 1.5 $

Type: local

Agent: unix

Published: 2016/11/23

Modified: 2017/01/16

Dependencies: 12634

Risk Information

Risk Factor: High


CVSS v2.0

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:ND


CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:memcached, p-cpe:/a:redhat:enterprise_linux:memcached-debuginfo, p-cpe:/a:redhat:enterprise_linux:memcached-devel, cpe:/o:redhat:enterprise_linux:6

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/11/23

Reference Information

CVE: CVE-2016-8704, CVE-2016-8705

OSVDB: 146522, 146524

RHSA: 2016:2820