Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 1499152 - (CVE-2017-15047) CVE-2017-15047 redis: Insufficient input validation in the clusterLoadConfig function
CVE-2017-15047 redis: Insufficient input validation in the clusterLoadConfig ...
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20170831,reported=2...
: Security
Depends On: 1499153 1499154
Blocks: 1499157
  Show dependency treegraph
 
Reported: 2017-10-06 05:28 EDT by Andrej Nemec
Modified: 2017-11-16 19:08 EST (History)
34 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Andrej Nemec 2017-10-06 05:28:25 EDT
The clusterLoadConfig function in cluster.c in Redis allows local attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine."

Upstream issue:

https://github.com/antirez/redis/issues/4278
Comment 1 Andrej Nemec 2017-10-06 05:29:36 EDT
Created redis tracking bugs for this issue:

Affects: epel-all [bug 1499153]
Affects: fedora-all [bug 1499154]
Comment 2 Nathan Scott 2017-10-11 01:24:21 EDT
FWIW, I don't believe this issue is exploitable for default Redis configurations with any Red Hat product or Fedora packages  (probably the Severity and Priority of this BZ should be lowered).

I've added a note and github pull request fixing the underlying bug, upstream:
https://github.com/antirez/redis/pull/4365
https://github.com/antirez/redis/issues/4278#issuecomment-335095580

cheers.
Comment 3 Joshua Padman 2017-10-12 18:51:40 EDT
Changed impact to low as this requires access to modify redis owned files, with that access there would be better way to exploit the system/service. 
Changed CVSS score based on impact to availability, low is still generous as with redis user access you could just kill the process anyway.

Permissions are validated for all current OpenStack packages.
Comment 4 Jason Shepherd 2017-11-16 19:07:51 EST
There is no local user access for Redis deployed to RHAMP On-premise. Redis runs in a dedicated container pod with no other shared users. Marking as not affected.

Note You need to log in before you can comment on or make changes to this bug.