CVE-2015-4335 - OpenCVE

Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Redislabs	Redis
Debian	Debian Linux

Configuration 1 [-]

OR	cpe:2.3:a:redislabs:redis::::::::
	cpe:2.3:a:redislabs:redis:3.0.0:::::::*
	cpe:2.3:a:redislabs:redis:3.0.1:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

References

Link	Resource
http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/	Exploit Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162094.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162146.html	Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-10/msg00014.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1676.html	Third Party Advisory
http://www.debian.org/security/2015/dsa-3279	Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/06/04/12	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/06/04/8	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/06/05/3	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/75034	Third Party Advisory VDB Entry
https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411	Third Party Advisory
https://groups.google.com/forum/#%21msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ
https://security.gentoo.org/glsa/201702-16	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2015-06-09T14:00:00

Updated: 2017-08-14T15:57:01

Reserved: 2015-06-05T00:00:00

Link: CVE-2015-4335

JSON object: View

NVD Information

Status : Modified

Published: 2015-06-09T14:59:07.850

Modified: 2023-11-07T02:25:51.377

Link: CVE-2015-4335

JSON object: View

Redhat Information

No data.

CWE

CWE-17

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-06-04T00:00:00", "descriptions": [{"lang": "en", "value": "Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-14T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411"}, {"name": "FEDORA-2015-9498", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162146.html"}, {"name": "[oss-security] 20150604 CVE Request: redis Lua sandbox escape and arbitrary code execution", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/06/04/8"}, {"name": "[oss-security] 20150604 Re: CVE Request: redis Lua sandbox escape and arbitrary code execution", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/06/04/12"}, {"name": "openSUSE-SU-2015:1687", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00014.html"}, {"name": "FEDORA-2015-9488", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162094.html"}, {"name": "RHSA-2015:1676", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1676.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://groups.google.com/forum/#%21msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ"}, {"name": "75034", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/75034"}, {"name": "[oss-security] 20150605 Re: CVE Request: redis Lua sandbox escape and arbitrary code execution", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/06/05/3"}, {"name": "GLSA-201702-16", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201702-16"}, {"tags": ["x_refsource_MISC"], "url": "http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/"}, {"name": "DSA-3279", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3279"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-4335", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411", "refsource": "CONFIRM", "url": "https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411"}, {"name": "FEDORA-2015-9498", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162146.html"}, {"name": "[oss-security] 20150604 CVE Request: redis Lua sandbox escape and arbitrary code execution", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/06/04/8"}, {"name": "[oss-security] 20150604 Re: CVE Request: redis Lua sandbox escape and arbitrary code execution", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/06/04/12"}, {"name": "openSUSE-SU-2015:1687", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00014.html"}, {"name": "FEDORA-2015-9488", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162094.html"}, {"name": "RHSA-2015:1676", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1676.html"}, {"name": "https://groups.google.com/forum/#!msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ", "refsource": "CONFIRM", "url": "https://groups.google.com/forum/#!msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ"}, {"name": "75034", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75034"}, {"name": "[oss-security] 20150605 Re: CVE Request: redis Lua sandbox escape and arbitrary code execution", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/06/05/3"}, {"name": "GLSA-201702-16", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201702-16"}, {"name": "http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/", "refsource": "MISC", "url": "http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/"}, {"name": "DSA-3279", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3279"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-4335", "datePublished": "2015-06-09T14:00:00", "dateReserved": "2015-06-05T00:00:00", "dateUpdated": "2017-08-14T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD1CE4A9-BFA8-42F7-86B7-ABE8D079CFEB", "versionEndIncluding": "2.8.20", "vulnerable": true}, {"criteria": "cpe:2.3:a:redislabs:redis:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A586960-66FE-4812-AB9F-9C5A745BCC48", "vulnerable": true}, {"criteria": "cpe:2.3:a:redislabs:redis:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "11528338-5A26-4BEF-A7AB-13C2DD28F668", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command."}, {"lang": "es", "value": "Redis anterior a versi\u00f3n 2.8.21 y versiones 3.x y anteriores a 3.0.2, permite a los atacantes remotos ejecutar el c\u00f3digo byte Lua arbitrario por medio del comando eval."}], "id": "CVE-2015-4335", "lastModified": "2023-11-07T02:25:51.377", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-06-09T14:59:07.850", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162094.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162146.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00014.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1676.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2015/dsa-3279"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/06/04/12"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/06/04/8"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/06/05/3"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/75034"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411"}, {"source": "cve@mitre.org", "url": "https://groups.google.com/forum/#%21msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201702-16"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-17"}], "source": "nvd@nist.gov", "type": "Primary"}]}