redis: Lua sandbox escape and arbitrary code execution (CVE-2015-4335)
redis 3.0.2 and 2.8.21 have been released with the following changelog entry:
Upgrade urgency: HIGH for Redis because of a security issue.
LOW for Sentinel.
- [FIX] Critical security issue fix by Ben Murphy: http://t.co/LpGTyZmfS7
https://groups.google.com/forum/\#!msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ
The vulnerability is explained in more detail at:
http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/
The Lua interpreter allows the user to load insecure bytecode that can be used to bypass the redis Lua sandbox.
The upstream patch fixing this is:
https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411
Reference: http://seclists.org/oss-sec/2015/q2/639
(from redmine: issue id 4283, created on 2015-06-10, closed on 2015-06-11)
- Relations:
- child #4284 (closed)
- child #4285 (closed)
- child #4286 (closed)