=====================================================================
CERT-Renater Information Note No. 2023/VULN425
_____________________________________________________________________
DATE : 20/10/2023
HARDWARE PLATFORM(S): /
OPERATING SYSTEM(S): Systems running redis-server versions prior to 7.2.2, 7.0.14, 6.2.14.
=====================================================================

https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx
_____________________________________________________________________

Redis Unix-domain socket may be exposed with the wrong permissions for a short time window.

Severity: Low
Published by yossigo as GHSA-ghmp-889m-7cvx on Oct 18, 2023

Package          : redis-server (n/a)
Affected versions: >= 2.6.0-rc1
Patched versions : 7.2.2, 7.0.14, 6.2.14

Description

Impact
On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection.

The problem exists since Redis 2.6.0-RC1.

Patches
The problem is fixed in Redis 7.2.2, 7.0.14 and 6.2.14.

Workaround
It is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory.

Credit
The problem was reported by Alexander Aleksandrovič Klimov of Icinga.
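The following C program is an added illustration of the race described above and of the ordering that avoids it; it is not Redis source code and the function names (exposed_bits, create_unix_listener, socket_mode) and the socket path are assumptions made for the example. exposed_bits() computes which permission bits a bind()-then-chmod() sequence grants beyond the configured mode for a given umask, which is the check an operator can use to decide whether the "restrictive umask" workaround is in place. create_unix_listener() shows the race-free ordering: tighten the umask before bind() so the socket inode is never created with wider permissions than intended, then chmod() to the desired mode.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/un.h>
#include <unistd.h>

/* Permission bits that a bind()-then-chmod() ordering would briefly grant
 * beyond the configured `perm` when the process runs with umask `mask`.
 * bind() creates the socket inode with mode 0777 & ~umask; any bit in that
 * mode which `perm` does not allow is exposed until chmod() runs.
 * A result of 0 means the umask alone already protects the socket. */
int exposed_bits(mode_t mask, mode_t perm) {
    mode_t initial = 0777 & ~mask;
    return (int)(initial & ~perm & 0777);
}

/* Race-free listener setup (example ordering, not the Redis implementation):
 * tighten the umask before bind() so the inode is born with mode 0700 at most,
 * then widen with chmod() to the requested `perm`. The socket is therefore
 * never accessible to more principals than intended, even momentarily.
 * Returns the listening fd or -1 on error. */
int create_unix_listener(const char *path, mode_t perm) {
    struct sockaddr_un addr;
    mode_t saved;
    int fd;

    if (strlen(path) >= sizeof(addr.sun_path))
        return -1;
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    strcpy(addr.sun_path, path);
    unlink(path);                       /* remove a stale socket file, if any */

    saved = umask(0077);                /* owner-only while the inode is created */
    if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
        umask(saved);
        close(fd);
        return -1;
    }
    umask(saved);                       /* restore the caller's umask */

    if (chmod(path, perm) < 0 || listen(fd, 16) < 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    return fd;
}

/* Permission bits (low 12 bits of st_mode) of the file at `path`, or -1. */
int socket_mode(const char *path) {
    struct stat st;
    if (stat(path, &st) < 0)
        return -1;
    return (int)(st.st_mode & 07777);
}

int main(void) {
    const char *path = "./example-redis.sock";   /* constructed path for the demo */
    int fd;

    /* With the common default umask 022 and a configured mode of 700, the
     * vulnerable ordering exposes r-x to group and others (0055) until
     * chmod() catches up; with umask 077 nothing is exposed. */
    printf("exposed bits, umask 022 / perm 700: %04o\n", exposed_bits(0022, 0700));
    printf("exposed bits, umask 077 / perm 700: %04o\n", exposed_bits(0077, 0700));

    fd = create_unix_listener(path, 0700);
    if (fd < 0) {
        perror("create_unix_listener");
        return 1;
    }
    printf("%s created with mode %04o\n", path, socket_mode(path));
    close(fd);
    unlink(path);
    return 0;
}
```

The same arithmetic applies to the "protected directory" workaround: if the directory holding the socket is not traversable by other users, the bits exposed_bits() reports cannot be exercised during the window, which is why that mitigation works independently of the process umask.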
Severity: Low (3.1 / 10)

CVSS base metrics
Attack vector       : Local
Attack complexity   : Low
Privileges required : High
User interaction    : Required
Scope               : Unchanged
Confidentiality     : Low
Integrity           : Low
Availability        : None
Vector string       : CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

CVE ID     : CVE-2023-45145
Weaknesses : CWE-668
Credits    : @Al2Klimov (Reporter)

=========================================================
+ CERT-RENATER       | tel : 01-53-94-20-44              +
+ 23/25 Rue Daviel   | fax : 01-53-94-20-41              +
+ 75013 Paris        | email : cert@support.renater.fr   +
=========================================================