SB2018062020 - Multiple vulnerabilities in Redis

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Buffer overflow (CVE-ID: CVE-2018-12326)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to a buffer overflow condition in the redis-clicomponent. A local attacker can execute a specially crafted command that submits malicious input, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

2) Type confusion (CVE-ID: CVE-2018-12453)

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The vulnerability exists in the xgroupCommand function due to improper handling of an XGROUP command where the key is not a stream by the xgroupCommand function, as defined in the t_stream.c source code file. A remote attacker can execute an XGROUP command that submits malicious input, trigger a type confusion condition and cause the service to crash.

Remediation

Install update from vendor's website.

References

• https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES
• https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
• https://github.com/antirez/redis/commit/c04082cf138f1f51cedf05ee9ad36fb6763cafc6