Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 714068 (CVE-2020-10931)

Summary: ~net-misc/memcached-1.6.2: RCE via binary protocol (CVE-2020-10931)
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: prometheanfire, robbat2, whissi
Priority: Normal Keywords: PullRequest
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/memcached/memcached/issues/629
See Also: https://github.com/gentoo/gentoo/pull/15072
https://github.com/gentoo/gentoo/pull/15092
Whiteboard: ~1 [noglsa cve]
Package list:
Runtime testing required: ---

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-23 14:05:36 UTC
Claims to affect 1.6.0, 1.6.1, unclear if it affects others.
Awaiting upstream confirm and fix.

Bug report: https://github.com/memcached/memcached/issues/629
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-23 17:22:39 UTC
NOTE: Only 1.6.0, 1.6.1 are affected.

Patch: https://github.com/memcached/memcached/commit/02c6a2b62ddcb6fa4569a591d3461a156a636305
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-23 17:53:15 UTC
Fixed release: https://github.com/memcached/memcached/wiki/ReleaseNotes162

Workaround:
"disable the binary protocol if you are not using it (-B ascii)."
Comment 3 Larry the Git Cow gentoo-dev 2020-03-23 19:26:23 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=058978523fe278aa97314b8dee17539b62ebe41d

commit 058978523fe278aa97314b8dee17539b62ebe41d
Author:     Sam James (sam_c) <sam@cmpct.info>
AuthorDate: 2020-03-23 17:57:38 +0000
Commit:     Robin H. Johnson <robbat2@gentoo.org>
CommitDate: 2020-03-23 19:26:19 +0000

    net-misc/memcached: Bump 1.6.x release (security fix)
    
    Only affects 1.6.0, 1.6.1.
    
    Bug: https://bugs.gentoo.org/714068
    Closes: https://github.com/gentoo/gentoo/pull/15072
    Signed-off-by: Sam James (sam_c) <sam@cmpct.info>
    Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>

 net-misc/memcached/Manifest               |  1 +
 net-misc/memcached/memcached-1.6.2.ebuild | 99 +++++++++++++++++++++++++++++++
 2 files changed, 100 insertions(+)
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-23 19:36:56 UTC
@maintainer(s): please cleanup by dropping =net-misc/memcached-1.6.0, 1.6.1. Thanks for getting the fix in so quickly.
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-24 16:25:00 UTC
*** Bug 714230 has been marked as a duplicate of this bug. ***
Comment 6 Larry the Git Cow gentoo-dev 2020-03-24 19:47:26 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=131272ff2dc52fe5c0a4859a15dee3d3f31f2de9

commit 131272ff2dc52fe5c0a4859a15dee3d3f31f2de9
Author:     Sam James (sam_c) <sam@cmpct.info>
AuthorDate: 2020-03-24 19:27:53 +0000
Commit:     Robin H. Johnson <robbat2@gentoo.org>
CommitDate: 2020-03-24 19:47:22 +0000

    net-misc/memcached: Cleanup vulnerable versions (1.6.{0,1})
    
    Bug: https://bugs.gentoo.org/714068
    Closes: https://github.com/gentoo/gentoo/pull/15092
    Signed-off-by: Sam James (sam_c) <sam@cmpct.info>
    Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>

 net-misc/memcached/Manifest               |   2 -
 net-misc/memcached/memcached-1.6.0.ebuild | 100 ------------------------------
 net-misc/memcached/memcached-1.6.1.ebuild |  99 -----------------------------
 3 files changed, 201 deletions(-)
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-24 20:05:04 UTC
All done, thank you.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2020-04-17 04:16:41 UTC
CVE-2020-10931 (https://nvd.nist.gov/vuln/detail/CVE-2020-10931):
  Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of
  service (daemon crash) via a crafted binary protocol header to
  try_read_command_binary in memcached.c.