Red Hat Bugzilla – Bug 1499152
CVE-2017-15047 redis: Insufficient input validation in the clusterLoadConfig function
Last modified: 2017-11-16 19:08:58 EST
The clusterLoadConfig function in cluster.c in Redis allows local attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine."
Created redis tracking bugs for this issue:
Affects: epel-all [bug 1499153]
Affects: fedora-all [bug 1499154]
FWIW, I don't believe this issue is exploitable for default Redis configurations with any Red Hat product or Fedora packages (probably the Severity and Priority of this BZ should be lowered).
I've added a note and github pull request fixing the underlying bug, upstream:
Changed impact to low as this requires access to modify redis owned files, with that access there would be better way to exploit the system/service.
Changed CVSS score based on impact to availability, low is still generous as with redis user access you could just kill the process anyway.
Permissions are validated for all current OpenStack packages.
There is no local user access for Redis deployed to RHAMP On-premise. Redis runs in a dedicated container pod with no other shared users. Marking as not affected.