Debian has issued an advisory on December 3: https://www.debian.org/security/2015/dsa-3412 Mageia 5 is also affected. Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA5TOO
Debian patch applied to Redis Packages. == Advisory Text == Luca Bruno discovered an integer overflow flaw leading to a stack-based buffer overflow in redis, a persistent key-value database. A remote attacker can use this flaw to cause a denial of service (application crash). SRPM: redis-2.8.13-4.1.mga5.src.rpm RPMS: redis-2.8.13-4.1.mga5.i586.rpm redis-2.8.13-4.1.mga5.x86_64.rpm redis-debuginfo-2.8.13-4.1.mga5.i586.rpm redis-debuginfo-2.8.13-4.1.mga5.x86_64.rpm
CC: (none) => mageiaAssignee: mageia => qa-bugs
Thanks Colin! Advisory with references: Luca Bruno discovered an integer overflow flaw leading to a stack-based buffer overflow in redis, a persistent key-value database. A remote attacker can use this flaw to cause a denial of service (application crash) (CVE-2015-8080). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8080 https://www.debian.org/security/2015/dsa-3412
Version: Cauldron => 5Whiteboard: MGA5TOO => (none)
mga5 x86_64 Mate Starting to test this with limited understanding of how to run it. No idea about PoC. Installed redis and found these files in the bin directories: /usr/bin/redis-benchmark /usr/bin/redis-check-aof /usr/bin/redis-check-dump /usr/bin/redis-cli /usr/sbin/redis-server redis is an in memory database which requires the server to be run by root. This provides an announcement on the command line ending with: [8754] 16 Dec 01:41:22.630 * The server is now ready to accept connections on port 6379 redis-benchmark generates this sort of output: ====== PING_INLINE ====== 10000 requests completed in 0.04 seconds 50 parallel clients 3 bytes payload keep alive: 1 100.00% <= 0 milliseconds 238095.23 requests per second ====== PING_BULK ====== 10000 requests completed in 0.04 seconds 50 parallel clients 3 bytes payload keep alive: 1 100.00% <= 0 milliseconds 243902.44 requests per second ====== SET ====== 10000 requests completed in 0.04 seconds 50 parallel clients 3 bytes payload keep alive: 1 100.00% <= 0 milliseconds 238095.23 requests per second There is a bash script on github (https://github.com/crypt1d/redi.sh) which performs some simple database operations which I ran inside a bash wrapper (because of tcsh): #!/bin/bash typeset Color="red" typeset | grep ^Color= | ./redi.sh ./redi.sh -g Color typeset -a Colors=([0]="red" [1]="green" [2]="blue") typeset | grep ^Colors= | ./redi.sh -a ./redi.sh -ag Colors This stores values and retrieves them as expected. Attaching redi.sh - note MIT licence (?) Shall report back on the upgrade.
CC: (none) => tarazed25
Created attachment 7281 [details] Bash script to use the redis database via port 6379 This can be exercised from the command line: #!/bin/bash typeset Color="red" typeset | grep ^Color= | ./redi.sh ./redi.sh -g Color typeset -a Colors=([0]="red" [1]="green" [2]="blue") typeset | grep ^Colors= | ./redi.sh -a ./redi.sh -ag Colors
Ran the benchmark test after updating redis and then the commands noted above in comment 4 which returned the same result as before. red Colors=([0]="red" [1]="green" [2]="blue") Marking this as OK although it would have been tidier with a PoC.
Whiteboard: (none) => MGA5-64-OK
Good job Len. Validating. Advisory uploaded. Please push to 5 updates Thanks
Keywords: (none) => validated_updateWhiteboard: MGA5-64-OK => has_procedure advisory MGA5-64-OKCC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0472.html
Status: NEW => RESOLVEDResolution: (none) => FIXED