GoogleOSV:BIT-2023-45145

HistoryOct 31, 2023 - 7:27 a.m.

BIT-2023-45145

2023-10-3107:27:24

Google

osv.dev

173

redis

in-memory database

race condition

vulnerability

unix socket

permissions

upgrade

umask

workaround

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.5%

JSON

Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory.

CPENameOperatorVersion
redisge2.6.0
redislt6.2.14
redisge7.0.0
redislt7.0.14
redisge7.2.0
redislt7.2.2
redisge2.6.0-rc1
redisle2.6.0-rc1

Name	Operator	Version
redis	ge	2.6.0
redis	lt	6.2.14
redis	ge	7.0.0
redis	lt	7.0.14
redis	ge	7.2.0
redis	lt	7.2.2
redis	ge	2.6.0-rc1
redis	le	2.6.0-rc1

References

github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1

github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx

lists.debian.org/debian-lts-announce/2023/10/msg00032.html

lists.fedoraproject.org/archives/list/[email protected]/message/464JPNBWE433ZGYXO3KN72VR3KJPWHAW/

lists.fedoraproject.org/archives/list/[email protected]/message/BNEK2K4IE7MPKRD6H36JXZMJKYS6I5GQ/