Date: Thu, 4 Jun 2015 15:46:18 +0200 From: Alessandro Ghedini <alessandro@...dini.me> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: CVE Request: redis Lua sandbox escape and arbitrary code execution Hello, redis 3.0.2 and 2.8.21 have been released with the following changelog entry: > Upgrade urgency: HIGH for Redis because of a security issue. > LOW for Sentinel. > > * [FIX] Critical security issue fix by Ben Murphy: http://t.co/LpGTyZmfS7 https://groups.google.com/forum/#!msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ The vulnerability is explained in more detail at: http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/ As far as I understand it, the Lua interpreter allows the user to load insecure bytecode that can be used to bypass the redis Lua sandbox. The upstream patch fixing this is: https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411 I don't think a CVE has been assigned for this yet. Cheers Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ