Test ID:	1.3.6.1.4.1.25623.1.0.105290
Category:	Databases
Title:	Redis < 2.8.21, 3.x < 3.0.2 EVAL Lua Sandbox Escape Vulnerability
Summary:	It is possible to break out of the Lua sandbox in Redis and; execute arbitrary code.
Description:	Summary: It is possible to break out of the Lua sandbox in Redis and execute arbitrary code. Vulnerability Impact: Successfully attack may allow the attacker to execute code in the context of the application Affected Software/OS: Redis versions prior to 2.8.21 and 3.x prior to 3.0.2. Solution: Updates are available. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-4335 BugTraq ID: 75034 http://www.securityfocus.com/bid/75034 Debian Security Information: DSA-3279 (Google Search) http://www.debian.org/security/2015/dsa-3279 http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162094.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162146.html https://security.gentoo.org/glsa/201702-16 http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/ http://www.openwall.com/lists/oss-security/2015/06/04/8 http://www.openwall.com/lists/oss-security/2015/06/04/12 http://www.openwall.com/lists/oss-security/2015/06/05/3 RedHat Security Advisories: RHSA-2015:1676 http://rhn.redhat.com/errata/RHSA-2015-1676.html SuSE Security Announcement: openSUSE-SU-2015:1687 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-10/msg00014.html
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.