oss-sec mailing list archives

CVE Request: redis Lua sandbox escape and arbitrary code execution


From: Alessandro Ghedini <alessandro () ghedini me>
Date: Thu, 4 Jun 2015 15:46:18 +0200

Hello,

redis 3.0.2 and 2.8.21 have been released with the following changelog entry:

Upgrade urgency: HIGH for Redis because of a security issue. 
                 LOW for Sentinel. 

* [FIX] Critical security issue fix by Ben Murphy: http://t.co/LpGTyZmfS7 

https://groups.google.com/forum/#!msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ

The vulnerability is explained in more detail at:
http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/

As far as I understand it, the Lua interpreter allows the user to load insecure
bytecode that can be used to bypass the redis Lua sandbox.

The upstream patch fixing this is:
https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411

I don't think a CVE has been assigned for this yet.

Cheers

Attachment: signature.asc
Description: Digital signature
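
Added example, not part of the original message or of redis itself: a small triage helper that reads the redis_version field from `redis-cli INFO server` output and reports whether the server is at or above the fixed release of its branch (2.8.21 or 3.0.2, as named in the changelog above). It assumes plain x.y.z version strings and returns "unknown" for branches the message does not mention; the sample INFO text is constructed.

```python
import re

# Fixed releases named in the announcement, keyed by (major, minor) branch.
FIXED = {(2, 8): (2, 8, 21), (3, 0): (3, 0, 2)}

# Constructed sample of `redis-cli INFO server` output (not from a real host).
SAMPLE_INFO = "# Server\r\nredis_version:2.8.19\r\nredis_mode:standalone\r\n"


def parse_version(info_text):
    """Return (major, minor, patch) from INFO output, or None if absent or malformed."""
    m = re.search(r"^redis_version:(\d+)\.(\d+)\.(\d+)\s*$", info_text, re.MULTILINE)
    return tuple(int(p) for p in m.groups()) if m else None


def triage(info_text):
    """Classify a server as 'has-fix', 'missing-fix' or 'unknown'."""
    version = parse_version(info_text)
    if version is None:
        return "unknown"
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Only the 2.8 and 3.0 branches are named in the announcement;
        # do not guess for any other branch.
        return "unknown"
    return "has-fix" if version >= fixed else "missing-fix"


if __name__ == "__main__":
    print(parse_version(SAMPLE_INFO), triage(SAMPLE_INFO))
```

A "missing-fix" result means only that the release predates the changelog entry quoted above; an "unknown" result needs a manual check against upstream release notes.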

