FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

redis -- Possible bypassing Unix socket permissions

Affected packages
redis < 7.2.2
redis-devel < 7.2.2.20231018
redis70 < 7.0.14
redis62 < 6.2.14

Details

VuXML ID 8706e097-6db7-11ee-8744-080027f5fec9
Discovery 2023-10-18
Entry 2023-10-18

Redis core team reports:

The wrong order of listen(2) and chmod(2) calls creates a race condition that can be used by another process to bypass desired Unix socket permissions on startup.
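The ordering problem in the report above, as an added example that is not Redis's code and not part of this entry: a hypothetical helper, `unix_listen_restricted`, applies chmod(2) to the bound socket before calling listen(2), so the socket cannot accept a connection until the requested mode is in place. The function names, socket path and mode are assumptions for illustration.

```c
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical helper (not from Redis): returns a listening fd, or -1. */
int unix_listen_restricted(const char *path, mode_t perm, int backlog)
{
    struct sockaddr_un sa;
    int fd, saved;

    if (strlen(path) >= sizeof(sa.sun_path)) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memset(&sa, 0, sizeof(sa));
    sa.sun_family = AF_UNIX;
    strcpy(sa.sun_path, path);

    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    unlink(path); /* clear a stale socket left by a previous run */

    /* bind(2) creates the socket file with a mode derived from the umask.
     * In the order the advisory calls wrong (listen before chmod), the
     * socket accepts connections while it still has that mode.
     * Here chmod(2) runs first; until listen(2) is called, connect(2)
     * on the path is refused. */
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
        chmod(path, perm) < 0 ||
        listen(fd, backlog) < 0) {
        saved = errno;
        close(fd);
        unlink(path);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Permission bits of the socket file, or (mode_t)-1 if stat(2) fails. */
mode_t unix_socket_mode(const char *path)
{
    struct stat st;
    return stat(path, &st) < 0 ? (mode_t)-1 : (st.st_mode & 0777);
}
```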

References

CVE Name CVE-2023-45145
URL https://groups.google.com/g/redis-db/c/r81pHa-dcI8