Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
This vulnerability is well known, easy to exploit, and public exploit code is available. Advanced persistent threat (APT) groups have targeted this vulnerability to install malware such as the Muhstik botnet, Redigo backdoor, and P2PInfect. An authenticated attacker could gain complete control of a device, steal sensitive information, or launch additional attacks on the network.
Kill Chain
Risk Score
83
Redis is an open-source data store that can act as a database, cache, streaming engine, and message broker. Redis embeds the Lua programming language as its scripting engine, which provides the ability to both run Lua scripts in a sandbox and access Lua functionality through the "eval" command. A sandbox enables clients to safely interact with Redis APIs having Lua but prohibits running any arbitrary code on the Redis host.
Redis installations on Debian and Debian-derived Linux distributions such as Ubuntu are affected by a Lua sandbox escape vulnerability. The vulnerable Redis package fails to disable the package module variable. To exploit this vulnerability, the attacker establishes an authenticated connection to a Redis server and sends a request with the eval command to run the server-side package.loadlib Lua script, which loads modules from the liblua library. The attacker can then leverage this module to escape the sandbox and run arbitrary commands on the Redis host.
