Vulnerabilities > CVE-2016-10517 - 7PK - Security Features vulnerability in Redislabs Redis

CVSS 7.4 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

redislabs

CWE-254

nessus

NVD

Published: 2017-10-24

Updated: 2024-11-21

Summary

networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port).

Vulnerable Configurations

Part	Description	Count
Application	Redislabs Redislabs Redis 1.3.6 Redislabs Redis 1.3.7 Redislabs Redis 1.3.8 Redislabs Redis 1.3.9 Redislabs Redis 1.3.10 Redislabs Redis 1.3.11 Redislabs Redis 1.3.12 Redislabs Redis 2.0.0 Redislabs Redis 2.0.1 Redislabs Redis 2.0.2 Redislabs Redis 2.0.3 Redislabs Redis 2.0.4 Redislabs Redis 2.0.5 Redislabs Redis 2.1.1 Redislabs Redis 2.2 Redislabs Redis 2.2.0 Redislabs Redis 2.2.1 Redislabs Redis 2.2.2 Redislabs Redis 2.2.3 Redislabs Redis 2.2.4 Redislabs Redis 2.2.5 Redislabs Redis 2.2.6 Redislabs Redis 2.2.7 Redislabs Redis 2.2.8 Redislabs Redis 2.2.9 Redislabs Redis 2.2.10 Redislabs Redis 2.2.11 Redislabs Redis 2.2.12 Redislabs Redis 2.2.13 Redislabs Redis 2.2.14 Redislabs Redis 2.2.15 Redislabs Redis 2.2.105 Redislabs Redis 2.2.106 Redislabs Redis 2.2.107 Redislabs Redis 2.2.110 Redislabs Redis 2.2.111 Redislabs Redis 2.3 Redislabs Redis 2.4.0 Redislabs Redis 2.4.1 Redislabs Redis 2.4.2 Redislabs Redis 2.4.3 Redislabs Redis 2.4.4 Redislabs Redis 2.4.5 Redislabs Redis 2.4.6 Redislabs Redis 2.4.7 Redislabs Redis 2.4.8 Redislabs Redis 2.4.9 Redislabs Redis 2.4.10 Redislabs Redis 2.4.11 Redislabs Redis 2.4.12 Redislabs Redis 2.4.13 Redislabs Redis 2.4.14 Redislabs Redis 2.4.15 Redislabs Redis 2.4.16 Redislabs Redis 2.4.17 Redislabs Redis 2.4.18 Redislabs Redis 2.6.0 Redislabs Redis 2.6.1 Redislabs Redis 2.6.2 Redislabs Redis 2.6.3 Redislabs Redis 2.6.4 Redislabs Redis 2.6.5 Redislabs Redis 2.6.6 Redislabs Redis 2.6.7 Redislabs Redis 2.6.7-1 Redislabs Redis 2.6.8 Redislabs Redis 2.6.8-1 Redislabs Redis 2.6.9 Redislabs Redis 2.6.9-1 Redislabs Redis 2.6.10 Redislabs Redis 2.6.10-1 Redislabs Redis 2.6.10-2 Redislabs Redis 2.6.10-3 Redislabs Redis 2.6.11 Redislabs Redis 2.6.12 Redislabs Redis 2.6.13 Redislabs Redis 2.6.14 Redislabs Redis 2.6.14-1 Redislabs Redis 2.6.14-2 Redislabs Redis 2.6.15 Redislabs Redis 2.6.16 Redislabs Redis 2.6.17 Redislabs Redis 2.8.0 Redislabs Redis 2.8.1 Redislabs Redis 2.8.2 Redislabs Redis 2.8.3 Redislabs Redis 2.8.4 Redislabs Redis 2.8.5 Redislabs Redis 2.8.6 Redislabs Redis 2.8.7 Redislabs Redis 2.8.8 Redislabs Redis 2.8.9 Redislabs Redis 2.8.10 Redislabs Redis 2.8.11 Redislabs Redis 2.8.12 Redislabs Redis 2.8.13 Redislabs Redis 2.8.14 Redislabs Redis 2.8.15 Redislabs Redis 2.8.16 Redislabs Redis 2.8.17 Redislabs Redis 2.8.18 Redislabs Redis 2.8.19 Redislabs Redis 2.8.20 Redislabs Redis 2.8.21 Redislabs Redis 2.8.22 Redislabs Redis 2.8.23 Redislabs Redis 2.8.24 Redislabs Redis 3.0 Redislabs Redis 3.0.0 Redislabs Redis 3.0.1 Redislabs Redis 3.0.2 Redislabs Redis 3.0.3 Redislabs Redis 3.0.4 Redislabs Redis 3.0.5 Redislabs Redis 3.0.6 Redislabs Redis 3.0.7 Redislabs Redis 3.2 Redislabs Redis 3.2.0 Redislabs Redis 3.2.1 Redislabs Redis 3.2.2 Redislabs Redis 3.2.3 Redislabs Redis 3.2.4 Redislabs Redis 3.2.5 Redislabs Redis 3.2.6	183

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

Nessus

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2017-1258.NASL
description	This update for redis to version 4.0.2 fixes the following issues : - CVE-2016-8339: CONFIG SET client-output-buffer-limit Code Execution Vulnerability (boo#1002351) The following upstream changes are included : - SLOWLOG now logs the offending client name and address - The modules native data types RDB format changed. - The AOF check utility is now able to deal with RDB preambles. - GEORADIUS_RO and GEORADIUSBYMEMBER_RO variants, not supporting the STORE option, were added in order to allow read-only scaling of such queries. - HSET is now variadic, and HMSET is considered deprecated - GEORADIUS huge radius (>= ~6000 km) corner cases fixed - HyperLogLog commands no longer crash on certain input (non HLL) strings. - Fixed SLAVEOF inside MULTI/EXEC blocks. - TCP binding bug fixed when only certain addresses were available for a given por - MIGRATE could crash the server after a socket error
last seen	2020-06-05
modified	2017-11-13
plugin id	104521
published	2017-11-13
reporter	This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/104521
title	openSUSE Security Update : redis (openSUSE-2017-1258)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2017-1258. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(104521); script_version("3.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2016-10517", "CVE-2016-8339"); script_name(english:"openSUSE Security Update : redis (openSUSE-2017-1258)"); script_summary(english:"Check for the openSUSE-2017-1258 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for redis to version 4.0.2 fixes the following issues : - CVE-2016-8339: CONFIG SET client-output-buffer-limit Code Execution Vulnerability (boo#1002351) The following upstream changes are included : - SLOWLOG now logs the offending client name and address - The modules native data types RDB format changed. - The AOF check utility is now able to deal with RDB preambles. - GEORADIUS_RO and GEORADIUSBYMEMBER_RO variants, not supporting the STORE option, were added in order to allow read-only scaling of such queries. - HSET is now variadic, and HMSET is considered deprecated - GEORADIUS huge radius (>= ~6000 km) corner cases fixed - HyperLogLog commands no longer crash on certain input (non HLL) strings. - Fixed SLAVEOF inside MULTI/EXEC blocks. - TCP binding bug fixed when only certain addresses were available for a given por - MIGRATE could crash the server after a socket error" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064980" ); script_set_attribute( attribute:"solution", value:"Update the affected redis packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:redis"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:redis-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:redis-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3"); script_set_attribute(attribute:"patch_publication_date", value:"2017/11/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.2\|SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2 / 42.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.2", reference:"redis-4.0.2-8.3.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"redis-debuginfo-4.0.2-8.3.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"redis-debugsource-4.0.2-8.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"redis-4.0.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"redis-debuginfo-4.0.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"redis-debugsource-4.0.2-11.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "redis / redis-debuginfo / redis-debugsource"); }

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References