FS#33621 : [redis] Redis is exposed to the world by default

FS#33621 - [redis] Redis is exposed to the world by default

Attached to Project: Community Packages
Opened by John Lockman (ultramancool) - Tuesday, 29 January 2013, 01:12 GMT
Last edited by Sergej Pupykin (sergej) - Tuesday, 29 January 2013, 12:55 GMT

Task Type	General Gripe
Category	Upstream Bugs
Status	Closed
Assigned To	Sergej Pupykin (sergej)
Architecture	All
Severity	High
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Description:
Redis is bound to 0.0.0.0:6379 by default, leaving this exposed to the internet can present a huge security vulnerability and allow external users to manipulate data in redis. It should only be bound to localhost by default or a notice should at least be presented upon installation warning the user about this.

Additional info:
* package version:
community/redis 2.6.8-1 on x86_64

Steps to reproduce:
1) Install redis
2) nmap -p6379 your public interface

This task depends upon

Closed by Sergej Pupykin (sergej)
Tuesday, 29 January 2013, 12:55 GMT
Reason for closing: Fixed

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#33621 - [redis] Redis is exposed to the world by default

Details

Loading...