Skip to content

Latest commit

 

History

History
76 lines (62 loc) · 3.92 KB

attack-tree.md

File metadata and controls

76 lines (62 loc) · 3.92 KB

Attack Tree Analysis for redis/hiredis

Objective: To achieve Remote Code Execution (RCE) on the application server or to cause a Denial of Service (DoS) or to exfiltrate sensitive data stored in Redis, all by exploiting vulnerabilities or weaknesses in the hiredis library or its interaction with the application.

Attack Tree Visualization

Compromise Application via hiredis |

| |

  1. Achieve RCE 3. Exfiltrate Data | |

| | | 1.1 Buffer Overflow 1.2 Format String 3.2 Exploit in hiredis Parsing Vulnerability hiredis API | | | Misuse [CRITICAL]

| | | | | 1.1.1 1.2.1 3.2.1 3.2.2 3.2.3 ... ... ... ... ...

Attack Tree Path: 1. Achieve RCE (Remote Code Execution)

  • 1.1 Buffer Overflow in hiredis Parsing:

    • 1.1.1 Crafted Oversized Reply: [CRITICAL]
      • Description: An attacker sends a specially crafted, oversized response from a malicious or compromised Redis server that exceeds the buffer size allocated by hiredis for parsing replies.
      • Likelihood: Low
      • Impact: Very High (RCE)
      • Effort: Medium
      • Skill Level: Advanced
      • Detection Difficulty: Medium

  • 1.2 Format String Vulnerability:

    • 1.2.1 Uncontrolled Format String in Logging (Application-Level): [CRITICAL]
      • Description: The application uses a format string function (like printf) with user-controlled input (e.g., data from Redis) without proper sanitization, allowing the attacker to inject format string specifiers.
      • Likelihood: Low
      • Impact: Very High (RCE)
      • Effort: Low
      • Skill Level: Intermediate
      • Detection Difficulty: Easy
      • HIGH-RISK PATH

Attack Tree Path: 3. Exfiltrate Data

  • 3.2 Exploit hiredis API Misuse (Application-Level): [CRITICAL]

    • 3.2.1 Application Logic Flaws: [CRITICAL]

      • Description: The application inadvertently exposes data through its use of hiredis due to flaws in its own logic, such as using user-supplied input to construct Redis keys without validation.
      • Likelihood: Medium to High
      • Impact: High
      • Effort: Low to Medium
      • Skill Level: Intermediate
      • Detection Difficulty: Medium
      • HIGH-RISK PATH

    • 3.2.2 Insecure Deserialization (Application-Level): [CRITICAL]

      • Description: The application deserializes data retrieved from Redis using an insecure deserialization library, allowing an attacker to inject malicious objects.
      • Likelihood: Medium
      • Impact: Very High (RCE or data exfiltration)
      • Effort: Low
      • Skill Level: Intermediate
      • Detection Difficulty: Medium
      • HIGH-RISK PATH

    • 3.2.3 Command Injection (Application-Level): [CRITICAL]

      • Description: The application allows user input to influence the Redis commands executed through hiredis without proper sanitization, enabling the attacker to inject arbitrary Redis commands.
      • Likelihood: Medium to High
      • Impact: Very High
      • Effort: Low
      • Skill Level: Intermediate
      • Detection Difficulty: Medium
      • HIGH-RISK PATH