CVE-2023-45145: Redis Unauthorized Connection via Race Condition on UNIX Socket Permissions

Redis is an in-memory database that persists on disk and is often used to provide data caching, messaging, and other services. However, a recent discovery reveals that a potential security issue has been present since the release of Redis 2.6.-RC1. The security vulnerability, identified as CVE-2023-45145, is a race condition that allows unauthorized connections via the Unix socket due to weak permissions during startup.

Code Snippet

// Redis config file excerpt
unixsocket /tmp/redis.sock
unixsocketperm 700

Original References

1. Redis Security Advisory (CVE-2023-45145)
2. Redis Github Repository
3. Redis Releases (includes 7.2.2, 7..14, and 6.2.14 patches)

Exploit Details

When starting up, Redis creates a Unix socket and sets its permissions based on the user-provided configuration. However, if a permissive umask(2) is used, there is a brief period during which another process can exploit the race condition and establish an unauthorized connection.

Redis 7.2. through 7.2.1

Fortunately, this issue has been addressed in Redis versions 7.2.2, 7..14, and 6.2.14, and users are advised to upgrade their Redis instances to the latest available version.

For users who cannot immediately upgrade, there are several workarounds available

1. Disable Unix sockets in the Redis configuration file by commenting out or removing the unixsocket and unixsocketperm lines:

# unixsocket /tmp/redis.sock
# unixsocketperm 700

Start Redis with a restrictive umask, for example, umask 077

umask 077
redis-server /path/to/redis.conf

3. Store the Unix socket file in a protected directory by using the unixsocket directive in the Redis configuration file:

unixsocket /protected/directory/redis.sock
unixsocketperm 700

Please ensure that the specified directory has proper permissions set to prevent unauthorized access.

By applying one of the above workarounds or upgrading your Redis install, you can protect your Redis instance from this security vulnerability. Stay informed and keep your infrastructure secure.

Timeline

Published on: 10/18/2023 21:15:00 UTC
Last modified on: 10/30/2023 12:50:00 UTC