ID de Prueba:	1.3.6.1.4.1.25623.1.0.105290
Categoría:	Databases
Título:	Redis < 2.8.21, 3.x < 3.0.2 EVAL Lua Sandbox Escape Vulnerability
Resumen:	It is possible to break out of the Lua sandbox in Redis and; execute arbitrary code.
Descripción:	Summary: It is possible to break out of the Lua sandbox in Redis and execute arbitrary code. Vulnerability Impact: Successfully attack may allow the attacker to execute code in the context of the application Affected Software/OS: Redis versions prior to 2.8.21 and 3.x prior to 3.0.2. Solution: Updates are available. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-4335 BugTraq ID: 75034 http://www.securityfocus.com/bid/75034 Debian Security Information: DSA-3279 (Google Search) http://www.debian.org/security/2015/dsa-3279 http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162094.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162146.html https://security.gentoo.org/glsa/201702-16 http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/ http://www.openwall.com/lists/oss-security/2015/06/04/8 http://www.openwall.com/lists/oss-security/2015/06/04/12 http://www.openwall.com/lists/oss-security/2015/06/05/3 RedHat Security Advisories: RHSA-2015:1676 http://rhn.redhat.com/errata/RHSA-2015-1676.html SuSE Security Announcement: openSUSE-SU-2015:1687 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-10/msg00014.html
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.