Red Hat Bugzilla – Bug 1594291
CVE-2018-12326 redis: code execution via a crafted command line
Last modified: 2018-09-23 23:10:35 EDT
A flaw was found in Redis before 4.0.10 and 5.x before 5.0 RC2. A buffer overflow in redis-cli allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line.

References:
https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES
https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
https://gist.github.com/fakhrizulkifli/f831f40ec6cde4f744c552503d8698f0
https://www.exploit-db.com/exploits/44904/

Patch:
https://github.com/antirez/redis/commit/9fdcc15962f9ff4baebe6fdd947816f43f730d50
Created redis tracking bugs for this issue: Affects: epel-all [bug 1594294]
The Redis command line tool "redis-cli" is vulnerable to a buffer overflow through the -h (host) command line parameter. If using redis-cli directly, this could cause a self DoS or code execution with the same privilege level the command was executed with. This is unlikely to impact the security of the system as the attacker would already require access. It is possible that products are built to call redis-cli and may allow an attacker with access to the layered product to gain command execution on the underlying system. This would require the unfiltered host parameter to be passed from the layered product to redis-cli.

Specific to OpenStack: The default key-value data store in OpenStack is memcached. Regardless, none of the components that are included with Red Hat OpenStack make calls to redis-cli in a way that would allow the host value to be manipulated.
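
The filtering a layered product would need before handing a user-supplied host to redis-cli -h, as an added example that is not part of the original bug report or of any Red Hat or Redis code. The function names, the 253-character limit and the sample hosts are assumptions made for illustration; the check narrows what reaches redis-cli and complements updating to a fixed release.

```python
import ipaddress
import re

# Assumption: 253 is the longest DNS name in text form; anything longer is rejected.
MAX_HOST_LEN = 253
# One RFC 1123 label: letters, digits, hyphens, no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def validate_redis_host(host):
    """Return host unchanged if it is an IP literal or a hostname, else raise ValueError."""
    if not isinstance(host, str) or not host:
        raise ValueError("host must be a non-empty string")
    if len(host) > MAX_HOST_LEN:
        raise ValueError("host is too long")
    try:
        ipaddress.ip_address(host)  # accepts IPv4 and IPv6 literals
        return host
    except ValueError:
        pass  # not an IP literal, fall through to the hostname check
    name = host[:-1] if host.endswith(".") else host
    # fullmatch (not match with '$') so a trailing newline cannot slip through.
    if not name or not all(LABEL.fullmatch(label) for label in name.split(".")):
        raise ValueError("not a valid hostname or IP address")
    return host


def build_redis_cli_argv(host, port=6379, redis_cli="redis-cli"):
    """Build an argv list for redis-cli; meant for subprocess.run(argv), never a shell string."""
    if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError("port out of range")
    return [redis_cli, "-h", validate_redis_host(host), "-p", str(port)]


if __name__ == "__main__":
    # Constructed sample inputs, as a layered product might receive them from a user.
    samples = ["redis.internal.example", "10.0.0.5", "::1", "A" * 400, "-h", "host;id"]
    for candidate in samples:
        try:
            print("accepted:", build_redis_cli_argv(candidate))
        except ValueError as err:
            print("rejected: %r (%s)" % (candidate[:24], err))
```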