Abstract: On July 22, 2021, the official Redis project and the open source Redis community published an announcement disclosing CVE-2021-32761, a remote code execution vulnerability in 32-bit Redis. So how can such database security holes be nipped in the bud?
CVE-2021-32761, a remote code execution vulnerability in 32-bit Redis, was disclosed by the official Redis project and the open source Redis community on July 22, 2021. On a 32-bit Redis build that is exposed to unauthorized access, an attacker can combine the BIT* commands (BITFIELD and related commands) with the proto-max-bulk-len configuration parameter to cause an integer overflow, which can lead to remote code execution. This vulnerability is rated high risk. Note that this open source Redis vulnerability does not affect any instance of Huawei Cloud GaussDB(for Redis) on the live network; users who are already using Huawei Cloud GaussDB(for Redis) can continue to use it with confidence.
This vulnerability shows that the open source Redis implementation of BITFIELD and other commands has defects that leave hidden security risks in the handling of the string data type. An integer overflow can be triggered deliberately at any time, up to and including remote code execution, which gives attackers an opening to exploit. The code fix for this vulnerability has been released; users are advised to upgrade to the open source Redis security releases 6.2.5, 6.0.15 or 5.0.13 as soon as possible.
So how can such database security holes be nipped in the bud?
A database vulnerability is a kind of software vulnerability that is mainly used to break through the security policy of a system. Database vulnerabilities often have a wide blast radius: beyond the database itself, they affect the operating system the database runs on and the overall security of the LAN it sits in. Generally speaking, the precautionary and remedial measures are:
1. Follow the official notification, then check and upgrade the database to the security version. For this vulnerability, open source Redis users should complete the upgrade as soon as possible.
2. If the upgrade cannot be completed in the short term, enable access restriction on the server and disable dangerous commands.
3. Apply security policies such as IP address whitelisting to raise the cost of intrusion.
4. Select a reliable cloud service provider, such as the Huawei Cloud database GaussDB(for Redis), to ensure data security and reliability.
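As an added example (not code from the original post or from Huawei Cloud), the script below audits a redis.conf against measures 2 and 3 above: it parses the file, then reports whether authentication is missing, whether the server is bound to all interfaces with protected mode off, whether proto-max-bulk-len has been raised above the 512mb default (the parameter the vulnerability description names), and whether the dangerous commands have been disabled with rename-command. The two configuration texts are constructed samples, one weak and one hardened; the list of commands treated as dangerous (CONFIG, DEBUG, FLUSHALL, BITFIELD) and the finding codes are this example's own assumptions.

```python
"""Audit a redis.conf for the hardening measures listed above (added example)."""
import re
import shlex

# Constructed sample: a weak configuration, the kind an exposed instance often runs with.
WEAK_CONF = """
# constructed redis.conf, weak settings
bind 0.0.0.0
protected-mode no
proto-max-bulk-len 4gb
"""

# Constructed sample: the same instance after applying the measures above.
HARDENED_CONF = """
# constructed redis.conf, hardened settings
bind 127.0.0.1
protected-mode yes
requirepass correct-horse-battery-staple
proto-max-bulk-len 512mb
rename-command CONFIG ""
rename-command DEBUG ""
rename-command FLUSHALL ""
rename-command BITFIELD ""
"""

DEFAULT_MAX_BULK = 512 * 1024 ** 2  # Redis ships with proto-max-bulk-len 512mb
# Assumption: these are the commands this audit expects to be disabled.
DANGEROUS = ("CONFIG", "DEBUG", "FLUSHALL", "BITFIELD")
# Size suffixes as redis.conf accepts them: k/m/g are powers of 1000, kb/mb/gb powers of 1024.
_UNITS = {"": 1, "b": 1, "k": 1000, "kb": 1024, "m": 1000 ** 2, "mb": 1024 ** 2,
          "g": 1000 ** 3, "gb": 1024 ** 3}


def parse_size(text):
    """Convert a redis.conf size such as '512mb' or '4gb' into a byte count."""
    m = re.fullmatch(r"(\d+)([a-z]*)", text.strip().lower())
    if not m or m.group(2) not in _UNITS:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(m.group(1)) * _UNITS[m.group(2)]


def parse_conf(text):
    """Return (directive, [args]) pairs; blank lines and '#' comment lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # handles the "" argument of rename-command
        entries.append((parts[0].lower(), parts[1:]))
    return entries


def audit(conf_text):
    """Return a sorted list of finding codes; an empty list means every check passed."""
    values, disabled = {}, set()
    for name, args in parse_conf(conf_text):
        if name == "rename-command" and len(args) == 2:
            if args[1] == "":  # renaming a command to "" disables it
                disabled.add(args[0].upper())
        else:
            values[name] = args

    findings = []
    if "requirepass" not in values:
        findings.append("no-requirepass")
    bind = values.get("bind", [])
    if not bind or any(a.lstrip("-") in ("0.0.0.0", "*", "::", "::*") for a in bind):
        findings.append("bind-all-interfaces")
    if values.get("protected-mode", ["yes"])[0].lower() == "no":
        findings.append("protected-mode-off")
    if "proto-max-bulk-len" in values and \
            parse_size(values["proto-max-bulk-len"][0]) > DEFAULT_MAX_BULK:
        findings.append("proto-max-bulk-len-raised")
    for cmd in DANGEROUS:
        if cmd not in disabled:
            findings.append(f"command-enabled:{cmd}")
    return sorted(findings)


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf) or "no findings")
```

Run it against a real redis.conf by reading the file into `audit()`; every finding maps to one of the interim measures above, so an empty result means the instance has at least the access restrictions and command lockdown in place while the upgrade is scheduled.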
Huawei Cloud GaussDB(for Redis) eliminates security vulnerabilities at the source
1. New data encoding is more secure: the Huawei Cloud database GaussDB(for Redis) adopts an architecture that separates storage from compute, is compatible with the Redis protocol, and provides persistent storage for massive data volumes. Its code is fully self-developed and uses a new data encoding that is more efficient and makes better use of space. The internal implementation of each command does not depend on open source Redis, so it is not affected by security vulnerabilities such as this one.
2. Comprehensive security protection system: built on the reliable live-network security system of Huawei Cloud, GaussDB(for Redis) lets users define their own whitelist IP access policies at any time. In addition, multi-layer protection such as virtual private cloud, subnets, security groups, DDoS protection and SSL-secured access defends against a range of malicious attacks, keeping data secure and leaving no opening for access from unknown sources.
Without worry: GaussDB(for Redis) provides a one-stop migration service
The Huawei Cloud database GaussDB(for Redis) is a self-developed flagship product. It is a NoSQL database that supports the Redis protocol, rather than a cache. Its biggest difference from open source Redis is its architecture separating storage from compute, which provides strong data storage capabilities, including strong consistency, flexible scalability and other advanced features. GaussDB(for Redis) offers users an excellent product experience with lower cost, larger capacity, higher reliability and elastic scalability.
For users running open source Redis 2.6 or later, GaussDB(for Redis) also provides a one-stop migration service with no technical threshold: the operation is simple and fast, setting up the migration task takes only minutes, the whole environment is built "efficiently and quickly", and enterprises can move to the cloud without security concerns.
As the value of data keeps rising, the database, as the carrier of massive data, faces growing security risks. Both DBAs and cloud service providers should build strong security awareness to better safeguard the database. Huawei Cloud Database will continue to meet the security protection requirements of different databases, provide strong support for the construction and development of databases and data security, and enable users to use data more freely and securely.