Redis CVE-2018-12453 Remote Denial Of Service Vulnerability

2018-06-1600:00:00

Symantec Security Response

www.symantec.com

JSON

Description

Redis is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service condition. Redis version prior to 5.0 are vulnerable.

Technologies Affected

Redhat Ceph Storage 3
Redhat Mobile Application Platform 4
Redis Redis 2.8.21
Redis Redis 3.0.2
Redis Redis 3.0.7
Redis Redis 3.2.11
Redis Redis 3.2.12
Redis Redis 3.2.13
Redis Redis 3.2.3
Redis Redis 3.2.7
Redis Redis 4.0
Redis Redis 4.0.10
Redis Redis 4.0.14
Redis Redis 4.0.9

Recommendations

Block external access at the network boundary, unless external parties require service.
If possible, block external access to the server hosting the vulnerable software. Permit access for trusted or internal networks and hosts only.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from a successful exploit.

Updates are available. Please see the references or vendor advisory for more information.

CPENameOperatorVersion
redis rediseq4.0
redis rediseq3.2.7
redis rediseq4.0.9
redis rediseq2.8.21
redis rediseq3.0.7
redhat ceph storageeq3
redis rediseq3.2.13
redis rediseq3.2.12
redhat mobile application platformeq4
redis rediseq3.0.2

Name	Operator	Version
redis redis	eq	4.0
redis redis	eq	3.2.7
redis redis	eq	4.0.9
redis redis	eq	2.8.21
redis redis	eq	3.0.7
redhat ceph storage	eq	3
redis redis	eq	3.2.13
redis redis	eq	3.2.12
redhat mobile application platform	eq	4
redis redis	eq	3.0.2