[v3.0] redis: Lua sandbox escape and arbitrary code execution (CVE-2015-4335)
redis 3.0.2 and 2.8.21 have been released with the following changelog entry:
Upgrade urgency: HIGH for Redis because of a security issue.
LOW for Sentinel.
•[FIX] Critical security issue fix by Ben Murphy:
http://t.co/LpGTyZmfS7
https://groups.google.com/forum/\#!msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ
The vulnerability is explained in more detail at:
http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/
The Lua interpreter allows the user to load insecure bytecode that can be used to bypass the redis Lua sandbox.
The upstream patch fixing this is:
https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411
Reference: http://seclists.org/oss-sec/2015/q2/639
(from redmine: issue id 4284, created on 2015-06-10, closed on 2015-06-11)
- Relations:
- parent #4283 (closed)
- Changesets:
- Revision 616183cd by Natanael Copa on 2015-06-11T09:36:26Z:
main/redis: security upgrade to 2.8.21 (CVE-2015-4335)
fixes #4284