Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 4 Jun 2015 15:46:18 +0200
From: Alessandro Ghedini <alessandro@...dini.me>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE Request: redis Lua sandbox escape and arbitrary code execution

Hello,

redis 3.0.2 and 2.8.21 have been released with the following changelog entry:

> Upgrade urgency: HIGH for Redis because of a security issue. 
>                  LOW for Sentinel. 
> 
> * [FIX] Critical security issue fix by Ben Murphy: http://t.co/LpGTyZmfS7 

https://groups.google.com/forum/#!msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ

The vulnerability is explained in more detail at:
http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/

As far as I understand it, the Lua interpreter allows the user to load insecure
bytecode that can be used to bypass the redis Lua sandbox.

The upstream patch fixing this is:
https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411

I don't think a CVE has been assigned for this yet.

Cheers

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ