Bug 17291

Debian patch applied to Redis Packages.

== Advisory Text ==

Luca Bruno discovered an integer overflow flaw leading to a stack-based buffer overflow in redis, a persistent key-value database. A remote attacker can use this flaw to cause a denial of service (application crash).


SRPM:

redis-2.8.13-4.1.mga5.src.rpm

RPMS:

redis-2.8.13-4.1.mga5.i586.rpm
redis-2.8.13-4.1.mga5.x86_64.rpm

redis-debuginfo-2.8.13-4.1.mga5.i586.rpm
redis-debuginfo-2.8.13-4.1.mga5.x86_64.rpm

CC: (none) => mageia
Assignee: mageia => qa-bugs

Thanks Colin!

Advisory with references:

Luca Bruno discovered an integer overflow flaw leading to a stack-based buffer
overflow in redis, a persistent key-value database. A remote attacker can use
this flaw to cause a denial of service (application crash) (CVE-2015-8080).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8080
https://www.debian.org/security/2015/dsa-3412

Version: Cauldron => 5
Whiteboard: MGA5TOO => (none)

mga5  x86_64  Mate

Starting to test this with limited understanding of how to run it.
No idea about PoC.
Installed redis and found these files in the bin directories:
/usr/bin/redis-benchmark
/usr/bin/redis-check-aof
/usr/bin/redis-check-dump
/usr/bin/redis-cli
/usr/sbin/redis-server

redis is an in memory database which requires the server to be run by root.
This provides an announcement on the command line ending with:
[8754] 16 Dec 01:41:22.630 * The server is now ready to accept connections on port 6379

redis-benchmark generates this sort of output:
====== PING_INLINE ======
  10000 requests completed in 0.04 seconds
  50 parallel clients
  3 bytes payload
  keep alive: 1

100.00% <= 0 milliseconds
238095.23 requests per second

====== PING_BULK ======
  10000 requests completed in 0.04 seconds
  50 parallel clients
  3 bytes payload
  keep alive: 1

100.00% <= 0 milliseconds
243902.44 requests per second

====== SET ======
  10000 requests completed in 0.04 seconds
  50 parallel clients
  3 bytes payload
  keep alive: 1

100.00% <= 0 milliseconds
238095.23 requests per second

There is a bash script on github (https://github.com/crypt1d/redi.sh) which performs some simple database operations which I ran inside a bash wrapper (because of tcsh):

#!/bin/bash
typeset Color="red" 
typeset | grep ^Color= | ./redi.sh 
./redi.sh -g Color 
typeset -a Colors=([0]="red" [1]="green" [2]="blue")
typeset | grep ^Colors= | ./redi.sh -a
./redi.sh -ag Colors

This stores values and retrieves them as expected.

Attaching redi.sh - note MIT licence (?)

Shall report back on the upgrade.

CC: (none) => tarazed25

Created attachment 7281 [details]
Bash script to use the redis database via port 6379

This can be exercised from the command line:
#!/bin/bash
typeset Color="red" 
typeset | grep ^Color= | ./redi.sh 
./redi.sh -g Color 
typeset -a Colors=([0]="red" [1]="green" [2]="blue")
typeset | grep ^Colors= | ./redi.sh -a
./redi.sh -ag Colors

Ran the benchmark test after updating redis and then the commands noted above in comment 4 which returned the same result as before.

red
Colors=([0]="red" [1]="green" [2]="blue")

Marking this as OK although it would have been tidier with a PoC.

Good job Len.

Validating. Advisory uploaded.

Please push to 5 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: MGA5-64-OK => has_procedure advisory MGA5-64-OK
CC: (none) => sysadmin-bugs

An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0472.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED