Vulnerabilities > CVE-2015-4335 - Code vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-634.NASL description redis was updated to version 2.8.22 (boo#934048) to fix a LUA sandbox update. (CVE-2015-4335) Details can be found on http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-esc ape/ For the other changes see in the package: /usr/share/doc/packages/redis/00-RELEASENOTES last seen 2020-06-05 modified 2015-10-06 plugin id 86284 published 2015-10-06 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/86284 title openSUSE Security Update : redis (openSUSE-2015-634) NASL family Fedora Local Security Checks NASL id FEDORA_2015-9488.NASL description - Upstream 2.8.21 (RHBZ #1228245) - Fix Lua sandbox escape and arbitrary code execution (RHBZ #1228331) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-07-20 plugin id 84858 published 2015-07-20 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84858 title Fedora 21 : redis-2.8.21-1.fc21 (2015-9488) NASL family Fedora Local Security Checks NASL id FEDORA_2015-9498.NASL description - Upstream 2.8.21 - Fix Lua sandbox escape and arbitrary code execution (RHBZ #1228331) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-07-20 plugin id 84859 published 2015-07-20 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84859 title Fedora 22 : redis-2.8.21-1.fc22 (2015-9498) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201702-16.NASL description The remote host is affected by the vulnerability described in GLSA-201702-16 (Redis: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Redis. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, able to connect to a Redis instance, could issue malicious commands possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 97259 published 2017-02-21 reporter This script is Copyright (C) 2017 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/97259 title GLSA-201702-16 : Redis: Multiple vulnerabilities NASL family Misc. NASL id REDIS_CVE-2015-4335.NASL description The version of Redis installed on the remote host is affected by a remote code execution vulnerability. An attacker can exploit this issue via the eval command to execute arbitrary Lua bytecote. last seen 2020-06-01 modified 2020-06-02 plugin id 109323 published 2018-04-24 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109323 title Pivotal Software Redis < 2.8.21 / 3.x < 3.0.2 RCE NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_838FA84A0E2511E590E4D050996490D0.NASL description Ben Murphy reports : It is possible to break out of the Lua sandbox in Redis and execute arbitrary code. This shouldn last seen 2020-06-01 modified 2020-06-02 plugin id 84043 published 2015-06-09 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84043 title FreeBSD : redis -- EVAL Lua Sandbox Escape (838fa84a-0e25-11e5-90e4-d050996490d0) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3279.NASL description It was discovered that redis, a persistent key-value database, could execute insecure Lua bytecode by way of the EVAL command. This could allow remote attackers to break out of the Lua sandbox and execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 84024 published 2015-06-09 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84024 title Debian DSA-3279-1 : redis - security update
Redhat
| advisories |
| ||||
| rpms |
|
References
- http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/
- https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411
- http://www.openwall.com/lists/oss-security/2015/06/04/8
- http://www.debian.org/security/2015/dsa-3279
- http://www.openwall.com/lists/oss-security/2015/06/04/12
- http://www.openwall.com/lists/oss-security/2015/06/05/3
- http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162146.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162094.html
- http://lists.opensuse.org/opensuse-updates/2015-10/msg00014.html
- http://rhn.redhat.com/errata/RHSA-2015-1676.html
- http://www.securityfocus.com/bid/75034
- https://security.gentoo.org/glsa/201702-16
- https://groups.google.com/forum/#%21msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ