What is Redis:
REmote DIctionary Server (Redis) is a data structure server designed to be accessed by trusted clients inside a trusted environment. It is an open-source, networked, in-memory key-value store with optional durability. For more details, read the documents listed in the references section below.
Vulnerable servers accept connections from anyone using the "redis-cli" program (packaged with the Redis server) or telnet. Malicious intruders can run "redis-cli -h [IP]" followed by "info" to learn the Redis server version running on the host. The same client access can be used to take full control of the Redis server and the data it stores.
Exposed Redis servers are also abused by attackers for malicious botnet activities such as "RedisWannaMine".
How to verify if your server is vulnerable:
Use the following command to connect to the Redis service and collect information about your system:
telnet <IP> 6379
Then send the "info" command; an exposed server answers with details about the host, such as:
os:Linux 2.6.32-431.20.3.el6.x86_64 x86_64
Redis is designed to be accessed by trusted clients inside trusted environments. It is therefore usually not a good idea to expose a Redis instance directly to the internet or, in general, to an environment where untrusted clients can reach the Redis TCP port or UNIX socket. Different options are available to protect your server or device:
- Disable Redis if you are not using it. This is the easiest and most effective solution.
- Enable the authentication feature in redis.conf.
- Use your firewall to block inbound connections to the Redis service and allow only trusted IPs and hosts.
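The following script is an added example written for this notice; it is not part of the original text or of the Redis project. It covers both the verification step above (connecting to port 6379 and reading the "info" reply) and the mitigation list: it encodes commands in Redis's RESP wire format, classifies the first line of the reply (the real Redis responses "+PONG" for an accepted command, "-NOAUTH" when a password is required, and "-DENIED" when protected mode refuses a remote client), parses INFO output, and audits a redis.conf text for the settings the notice recommends. The host and port in the usage block and the two sample configuration texts are constructed placeholders, not values from the notice.

```python
"""Self-check for a Redis instance you administer (added example).

Speaks enough of the RESP protocol to send PING/INFO and interpret the
reply, and audits a redis.conf text for authentication, bind address and
protected-mode settings.  Sample configs and the host used in the usage
block are constructed placeholders.
"""
import socket


def resp_command(*args: str) -> bytes:
    """Encode a command as a RESP array, the wire format redis-cli uses."""
    out = f"*{len(args)}\r\n"
    for arg in args:
        out += f"${len(arg.encode())}\r\n{arg}\r\n"
    return out.encode()


def classify_reply(reply: bytes) -> str:
    """Map the first RESP line of a reply to an exposure verdict."""
    first = reply.split(b"\r\n", 1)[0]
    if first.startswith(b"-NOAUTH"):
        return "auth-required"   # requirepass is set; unauthenticated commands rejected
    if first.startswith(b"-DENIED"):
        return "protected-mode"  # protected mode refused a non-loopback client
    if first.startswith(b"+PONG") or first.startswith(b"$"):
        return "open"            # command accepted with no credentials at all
    return "unknown"


def parse_info(info_text: str) -> dict:
    """Parse INFO output ("key:value" lines, "#" section headers) into a dict."""
    fields = {}
    for line in info_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        fields[key] = value
    return fields


def probe(host: str, port: int = 6379, timeout: float = 3.0) -> str:
    """Connect to your own instance, send PING and classify the answer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(resp_command("PING"))
        return classify_reply(sock.recv(4096))


def audit_conf(conf_text: str) -> list:
    """Return findings for a redis.conf text against the notice's mitigations."""
    settings = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # directives are "name value"
        settings.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    findings = []
    password = settings.get("requirepass", [""])[-1].strip('"')
    if not password:
        findings.append("no requirepass: any client that reaches the port has full access")
    binds = settings.get("bind", [""])[-1].split()
    if not binds or any(b in ("0.0.0.0", "*", "::") for b in binds):
        findings.append("bind allows all interfaces: restrict to loopback or a trusted interface")
    if settings.get("protected-mode", ["yes"])[-1].lower() == "no":
        findings.append("protected-mode no: remote unauthenticated clients are not refused")
    return findings


# Constructed sample: the settings of a typical exposed install.
WEAK_CONF = """\
port 6379
bind 0.0.0.0
protected-mode no
"""

# Constructed sample: the settings the notice recommends.
HARDENED_CONF = """\
port 6379
bind 127.0.0.1
protected-mode yes
requirepass EXAMPLE-REPLACE-ME-with-a-long-random-secret
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_conf(conf) or ["no findings"])
    # Placeholder host: point this at an instance you are responsible for.
    print("probe:", probe("127.0.0.1"))
```

Run the audit against the real configuration with `audit_conf(open("/etc/redis/redis.conf").read())`; a verdict of "open" from `probe` against an interface reachable from outside your trusted network is the condition the notice describes, and "auth-required" or "protected-mode" shows that one of the listed mitigations is in effect.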