Test ID:	1.3.6.1.4.1.25623.1.0.104997
Category:	Databases
Title:	Redis Unix Socket Permission Access Bypass Vulnerability (GHSA-ghmp-889m-7cvx)
Summary:	Redis is prone to a vulnerability that allows to bypass desired; Unix socket permissions on startup.
Description:	Summary: Redis is prone to a vulnerability that allows to bypass desired Unix socket permissions on startup. Vulnerability Insight: On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. Affected Software/OS: Redis versions starting from 2.6.0-RC1 and prior to 6.2.14, 7.0.x prior to 7.0.14 and 7.2.x prior to 7.2.2. Solution: Update to version 6.2.14, 7.0.14, 7.2.2 or later. It is also possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory. CVSS Score: 2.4 CVSS Vector: AV:L/AC:H/Au:S/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-45145 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/464JPNBWE433ZGYXO3KN72VR3KJPWHAW/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BNEK2K4IE7MPKRD6H36JXZMJKYS6I5GQ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZMGTTV5XM4LA66FSIJSETNBBRRPJYOQ/ https://github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1 https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx https://lists.debian.org/debian-lts-announce/2023/10/msg00032.html
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.