From 3af9945b9f9157e44f5505c9421e5e8d914581ad Mon Sep 17 00:00:00 2001 From: delphij Date: Mon, 8 Jun 2015 22:33:12 +0000 Subject: Document redis EVAL Lua sandbox escape vulnerability. --- security/vuxml/vuln.xml | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) (limited to 'security/vuxml') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index f8a0e6bb99c5..685d64a9edb4 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -57,6 +57,43 @@ Notes: --> + + redis -- EVAL Lua Sandbox Escape + + + redis + redis-devel + 2.6.02.8.21 + 3.03.0.2 + + + + +

Ben Murphy reports:

+
It is possible to break out of the Lua sandbox in + Redis and execute arbitrary code.
+
This shouldn’t pose a threat to users under the + trusted Redis security model where only trusted + users can connect to the database. However, in real + deployments there could be databases that can be + accessed by untrusted users. The main deployments + that are vulnerable are developers machines, places + where redis servers can be reached via SSRF attacks + and cloud hosting.
+

+ + + + CVE-2015-4335 + http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/ + + + 2015-06-04 + 2015-06-08 + + + tidy -- heap-buffer-overflow -- cgit