Bug 1594291 (CVE-2018-12326)
| Summary: | CVE-2018-12326 redis: Code execution in redis-cli via crafted command line arguments | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Laura Pardo <lpardo> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | apevec, chrisw, cmacedo, dffrench, drusso, fabian.deutsch, hhorak, hvyas, jal233, jjoyce, jmadigan, jorton, jschluet, jshepherd, kbasil, lgriffin, lhh, lpeer, markmc, mburns, nathans, ngough, pwright, rcollet, rhos-maint, sclewis, sisharma, slinaber, tdecacqu, trepel |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | redis 5.0-rc2, redis 4.0.10, redis 3.2.12 | Doc Type: | If docs needed, set a value |
| Doc Text: |
The Redis command line tool 'redis-cli' is vulnerable to a buffer overflow through the -h (host) command line parameter. The redis-cli may be used by other services; if these services do not adequately filter the host input it could lead to code execution with the privilege level of that service.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-06-10 10:29:53 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1594294, 1595070, 1595071, 1595072, 1595073, 1595074, 1595075, 1595076, 1595077, 1595078, 1596254 | ||
| Bug Blocks: | 1594295 | ||
|
Description
Laura Pardo
2018-06-22 14:34:03 UTC
Created redis tracking bugs for this issue: Affects: epel-all [bug 1594294] The Redis command line tool "redis-cli" is vulnerable to a buffer overflow through the -h (host) command line parameter. If using redis-cli directly this could cause a self DoS or code execution with the same privilege level the command was executed with. This is unlikely to impact the security of the system as the attacker would already require access. It is possible that products are built to call redis-cli and may allow an attacker with access to the layered product to gain command execution on the underlying system. This would require the unfiltered host parameter to be passed from the layered product to redis-cli Specific to OpenStack: The default key-value data store in OpenStack is memcached. Regardless, none of the components that are included with Red Hat OpenStack make calls to redis-cli in a way that would allow the host value to be manipulated. This issue has been addressed in the following products: Red Hat OpenStack Platform 10.0 (Newton) Via RHSA-2019:0052 https://access.redhat.com/errata/RHSA-2019:0052 This issue has been addressed in the following products: Red Hat OpenStack Platform 13.0 (Queens) Via RHSA-2019:0094 https://access.redhat.com/errata/RHSA-2019:0094 This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6 Via RHSA-2019:1860 https://access.redhat.com/errata/RHSA-2019:1860 |