CVE-2015-4335
CVSS 10.0
Published: 2015-06-09 10:59:07
Revised: 2017-08-14 21:29:00

[Original] Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.


[CNNVD] Redis Security Vulnerability (CNNVD-201506-128)

Redis is an open-source, in-memory key-value database system (the simplest form of database organization) written in ANSI C and developed with sponsorship from the US company Pivotal.

A security vulnerability exists in Redis versions before 2.8.1 and in 3.x versions before 3.0.2. A remote attacker can exploit it to execute arbitrary Lua bytecode via the eval command.

- CVSS (base score)

CVSS score: 10 [Critical (HIGH)]
Confidentiality impact: COMPLETE [complete information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete system outage]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: NETWORK [the attacker needs neither intranet nor local access]
Authentication: NONE [exploitation requires no authentication]

- CWE (weakness category)

CWE-17 [Code]

- CPE (affected platforms and products)

cpe:/a:pivotal_software:redis:2.8.20
cpe:/a:pivotal_software:redis:3.0.0
cpe:/a:pivotal_software:redis:3.0.1

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4335
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4335
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-201506-128
(official data source) CNNVD

- Other links and resources

http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/
(UNKNOWN)  MISC  http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162094.html
(UNKNOWN)  FEDORA  FEDORA-2015-9488
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162146.html
(UNKNOWN)  FEDORA  FEDORA-2015-9498
http://lists.opensuse.org/opensuse-updates/2015-10/msg00014.html
(UNKNOWN)  SUSE  openSUSE-SU-2015:1687
http://rhn.redhat.com/errata/RHSA-2015-1676.html
(UNKNOWN)  REDHAT  RHSA-2015:1676
http://www.debian.org/security/2015/dsa-3279
(UNKNOWN)  DEBIAN  DSA-3279
http://www.openwall.com/lists/oss-security/2015/06/04/12
(UNKNOWN)  MLIST  [oss-security] 20150604 Re: CVE Request: redis Lua sandbox escape and arbitrary code execution
http://www.openwall.com/lists/oss-security/2015/06/04/8
(UNKNOWN)  MLIST  [oss-security] 20150604 CVE Request: redis Lua sandbox escape and arbitrary code execution
http://www.openwall.com/lists/oss-security/2015/06/05/3
(UNKNOWN)  MLIST  [oss-security] 20150605 Re: CVE Request: redis Lua sandbox escape and arbitrary code execution
http://www.securityfocus.com/bid/75034
(UNKNOWN)  BID  75034
https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411
(UNKNOWN)  CONFIRM  https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411
https://groups.google.com/forum/#%21msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ
(VENDOR_ADVISORY)  CONFIRM  https://groups.google.com/forum/#!msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ
https://security.gentoo.org/glsa/201702-16
(UNKNOWN)  GENTOO  GLSA-201702-16

- Vulnerability information

Redis Security Vulnerability
Critical
2015-06-10 00:00:00 2015-06-10 00:00:00
Remote

- Advisories and patches

The vendor has released an upgrade patch that fixes this security issue; it can be obtained at:
https://raw.githubusercontent.com/antirez/redis/3.0/00-RELEASENOTES

- Vulnerability information (F132197)

Debian Security Advisory 3279-1 (PacketStormID:F132197)
2015-06-10 00:00:00
Debian  debian.org
advisory,remote,arbitrary
linux,debian
CVE-2015-4335

Debian Linux Security Advisory 3279-1 - It was discovered that redis, a persistent key-value database, could execute insecure Lua bytecode by way of the EVAL command. This could allow remote attackers to break out of the Lua sandbox and execute arbitrary code.

-------------------------------------------------------------------------
Debian Security Advisory DSA-3279-1                   security@debian.org
http://www.debian.org/security/                        Alessandro Ghedini
June 06, 2015                          http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : redis
CVE ID         : CVE-2015-4335

It was discovered that redis, a persistent key-value database, could
execute insecure Lua bytecode by way of the EVAL command. This could
allow remote attackers to break out of the Lua sandbox and execute
arbitrary code.

For the stable distribution (jessie), this problem has been fixed in
version 2:2.8.17-1+deb8u1.

For the testing distribution (stretch), this problem will be fixed
in version 2:3.0.2-1.

For the unstable distribution (sid), this problem has been fixed in
version 2:3.0.2-1.

We recommend that you upgrade your redis packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

- Vulnerability information (F133288)

Red Hat Security Advisory 2015-1676-01 (PacketStormID:F133288)
2015-08-24 00:00:00
Red Hat  
advisory,arbitrary
linux,redhat
CVE-2015-4335

Red Hat Security Advisory 2015-1676-01 - Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. A flaw was discovered in redis that could allow an authenticated user, who was able to use the EVAL command to run Lua code, to break out of the Lua sandbox and execute arbitrary code on the system. All users of redis are advised to upgrade to these updated packages, which correct this issue.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: redis security advisory
Advisory ID:       RHSA-2015:1676-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1676.html
Issue date:        2015-08-24
CVE Names:         CVE-2015-4335 
=====================================================================

1. Summary:

Updated redis packages that fix a security issue are now available for
Red Hat Enterprise Linux OpenStack Platform 6.0.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - x86_64

3. Description:

Redis is an advanced key-value store. It is often referred to as a data 
structure server since keys can contain strings, hashes, lists, sets and 
sorted sets.

A flaw was discovered in redis that could allow an authenticated user, who
was able to use the EVAL command to run Lua code, to break out of the Lua
sandbox and execute arbitrary code on the system. (CVE-2015-4335)

All users of redis are advised to upgrade to these updated packages, which
correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1228327 - CVE-2015-4335 redis: Lua sandbox escape and arbitrary code execution

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7:

Source:
redis-2.8.21-1.el7ost.src.rpm

x86_64:
redis-2.8.21-1.el7ost.x86_64.rpm
redis-debuginfo-2.8.21-1.el7ost.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-4335
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFV23zjXlSAg2UNWIIRAiiVAKClCAqHE4BdrtYzmQBLZD37Cwf4HACglzgm
J5LQRTIxn8TDg65g8uhXTmI=
=VSTj
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

- Vulnerability information (F141185)

Gentoo Linux Security Advisory 201702-16 (PacketStormID:F141185)
2017-02-21 00:00:00
Gentoo  security.gentoo.org
advisory,arbitrary,vulnerability
linux,gentoo
CVE-2015-4335,CVE-2015-8080,CVE-2016-8339

Gentoo Linux Security Advisory 201702-16 - Multiple vulnerabilities have been found in Redis, the worst of which may allow execution of arbitrary code. Versions less than 3.2.5 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201702-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Redis: Multiple vulnerabilities
     Date: February 20, 2017
     Bugs: #551274, #565188, #595730
       ID: 201702-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Redis, the worst of which
may allow execution of arbitrary code.

Background
==========

Redis is an open source (BSD licensed), in-memory data structure store,
used as a database, cache and message broker.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-db/redis                 < 3.2.5                    >= 3.2.5
                                                             >= 3.0.7

Description
===========

Multiple vulnerabilities have been discovered in Redis. Please review
the CVE identifiers referenced below for details.

Impact
======

A remote attacker, able to connect to a Redis instance, could issue
malicious commands possibly resulting in the execution of arbitrary
code with the privileges of the process or a Denial of Service
condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Redis 3.0.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/redis-3.0.7"

All Redis 3.2.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/redis-3.2.5"

References
==========

[ 1 ] CVE-2015-4335
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4335
[ 2 ] CVE-2015-8080
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8080
[ 3 ] CVE-2016-8339
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8339

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201702-16

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


- Vulnerability information

Redis CVE-2015-4335 EVAL Lua Sandbox Security Bypass Vulnerability
Design Error, BID 75034
2015-06-04 12:00:00 2015-06-09 07:58:00
Ben Murphy

- Affected program versions

Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64

- Vulnerability discussion

- Exploit

- Solution

Updates are available. Please see the references or vendor advisory for more information.

- References
