ALT-PU-2015-1493-1
Closed vulnerabilities
Published: 2015-06-09
BDU:2015-10357
Уязвимость системы управления базами данных Redis, позволяющая нарушителю выполнить произвольный Lua-байт-код
Severity: CRITICAL (10.0)
References:
Published: 2015-06-09
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-4335
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
Severity: CRITICAL (10.0)
References:
- http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/
- http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/
- FEDORA-2015-9488
- FEDORA-2015-9488
- FEDORA-2015-9498
- FEDORA-2015-9498
- openSUSE-SU-2015:1687
- openSUSE-SU-2015:1687
- RHSA-2015:1676
- RHSA-2015:1676
- DSA-3279
- DSA-3279
- [oss-security] 20150604 Re: CVE Request: redis Lua sandbox escape and arbitrary code execution
- [oss-security] 20150604 Re: CVE Request: redis Lua sandbox escape and arbitrary code execution
- [oss-security] 20150604 CVE Request: redis Lua sandbox escape and arbitrary code execution
- [oss-security] 20150604 CVE Request: redis Lua sandbox escape and arbitrary code execution
- [oss-security] 20150605 Re: CVE Request: redis Lua sandbox escape and arbitrary code execution
- [oss-security] 20150605 Re: CVE Request: redis Lua sandbox escape and arbitrary code execution
- 75034
- 75034
- https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411
- https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411
- https://groups.google.com/forum/#%21msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ
- https://groups.google.com/forum/#%21msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ
- GLSA-201702-16
- GLSA-201702-16