A flaw was found in Redis before 4.0.10 and 5.x before 5.0 RC2. A buffer overflow in redis-cli allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. References: https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES https://gist.github.com/fakhrizulkifli/f831f40ec6cde4f744c552503d8698f0 https://www.exploit-db.com/exploits/44904/ Patch: https://github.com/antirez/redis/commit/9fdcc15962f9ff4baebe6fdd947816f43f730d50
Created redis tracking bugs for this issue: Affects: epel-all [bug 1594294]
The Redis command line tool "redis-cli" is vulnerable to a buffer overflow through the -h (host) command line parameter. If using redis-cli directly this could cause a self DoS or code execution with the same privilege level the command was executed with. This is unlikely to impact the security of the system as the attacker would already require access. It is possible that products are built to call redis-cli and may allow an attacker with access to the layered product to gain command execution on the underlying system. This would require the unfiltered host parameter to be passed from the layered product to redis-cli Specific to OpenStack: The default key-value data store in OpenStack is memcached. Regardless, none of the components that are included with Red Hat OpenStack make calls to redis-cli in a way that would allow the host value to be manipulated.
This issue has been addressed in the following products: Red Hat OpenStack Platform 10.0 (Newton) Via RHSA-2019:0052 https://access.redhat.com/errata/RHSA-2019:0052
This issue has been addressed in the following products: Red Hat OpenStack Platform 13.0 (Queens) Via RHSA-2019:0094 https://access.redhat.com/errata/RHSA-2019:0094
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6 Via RHSA-2019:1860 https://access.redhat.com/errata/RHSA-2019:1860