Key Points
A number of new vulnerabilities in Memcached were recently discovered, which affect versions of the software before 1.4.33.
If successfully exploited, these weaknesses allow a remote attacker to compromise the affected system by executing arbitrary commands.
Exposing unnecessary services to the Internet always carries the risk that a vulnerability will be discovered and create an entry point for an attacker. That’s why we’ve been advising our customers to lock down unnecessary services like Memcached since we created the Intruder continuous security monitoring service last year.
Intruder recommends restricting access to (eg. firewalling), and patching any affected systems across your estate as a matter of urgency.
Further details of the vulnerabilities can be found at:
http://blog.talosintel.com/2016/10/memcached-vulnerabilities.html
.jpg)
