Heap-based buffer overflow vulnerabilities in Memcached affect IBM Tealeaf Customer Experience and IBM Tealeaf Customer Experience on Cloud Network Capture Add-On. IBM Tealeaf Customer Experience and IBM Tealeaf Customer Experience on Cloud Network Capture Add-On have addressed the applicable CVEs.
CVEID: CVE-2016-8705 DESCRIPTION: Memcached is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the process_bin_update function. By using a specially-crafted command, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118453 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2016-8706 DESCRIPTION: Memcached is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the process_bin_sasl_auth function. By using a specially-crafted authentication command, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118454 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2016-8704 DESCRIPTION: Memcached is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the process_bin_append_prepend function. By using a specially-crafted command, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118447 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
IBM Tealeaf Customer Experience v8.7-v9.0.2
IBM Tealeaf Customer Experience on Cloud Network Capture Add-On 16.1.01
Product
|
VRMF
|
Remediation/First Fix
—|—|—
IBM Tealeaf Customer Experience on Cloud Network Capture Add-On
|
16.1.01
| IBMTealeaf_PCA-3732-13 in https://tealeaf.support.ibmcloud.com/ics/support/DLList.asp?task=download&folderID=121267
IBM Tealeaf Customer Experience
|
9.0.2A
IBM Tealeaf Customer Experience
|
9.0.2
IBM Tealeaf Customer Experience
|
9.0.1A
IBM Tealeaf Customer Experience
|
9.0.1
IBM Tealeaf Customer Experience
|
9.0.0, 9.0.0A
| You can contact the Technical Support team for guidance.
IBM Tealeaf Customer Experience
|
8.8
IBM Tealeaf Customer Experience
|
8.7
| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Enterprise%20Marketing%20Management&product=ibm/Other+software/Tealeaf+Customer+Experience&release=All&platform=All&function=fixId&fixids=8.7_IBMTealeaf_PCA-3615-13_SecurityRollup_FixPack&includeSupersedes=0&source=fc
For v9.0.0 and 9.0.0A, IBM recommends upgrading to a later supported version of the product.
Access to local networks containing networked Tealeaf servers should be limited to avoid unauthorized access to or disruption of Tealeaf services.
Access to PCA systems should be limited as much as possible.
CPE | Name | Operator | Version |
---|---|---|---|
tealeaf customer experience | eq | any |