mysql-mmm

Merge lp:~dage/mysql-mmm/cve-fix into lp:mysql-mmm

  1. cve-fix
  2. Merge into trunk-2.x
Proposed by David Beveridge
Status: Merged
Merged at revision: 149
Proposed branch: lp:~dage/mysql-mmm/cve-fix
Merge into: lp:mysql-mmm
Prerequisite: lp:~dage/mysql-mmm/fix-net-arp
Diff against target: 85 lines (+21/-1)
4 files modified
lib/Agent/Helpers.pm (+4/-0)
lib/Agent/Helpers/Network.pm (+15/-0)
lib/Common/Role.pm (+1/-1)
lib/Common/Socket.pm (+1/-0)
To merge this branch: bzr merge lp:~dage/mysql-mmm/cve-fix
Reviewer Review Type Date Requested Status
David Beveridge Approve
Review via email: mp+345119@code.launchpad.net

Commit message

Fix for TALOS-2017-0501; CVE-2017-14474 - CVE-2017-14481

Multi-Master Replication Manager for MySQL mmm_agentd Remote Command Injection Vulnerabilities

Multiple exploitable remote command injection vulnerabilities exist
in the MySQL Master-Master Replication Manager (MMM) mmm_agentd
daemon 2.2.1. mmm_agentd commonly runs with root privileges and does not
require authentication by default. A specially crafted MMM protocol
message can cause a shell command injection resulting in arbitrary
command execution with the privileges of the mmm_agentd process. An
attacker that can initiate a TCP session with mmm_agentd can trigger
these vulnerabilities.

To post a comment you must log in.
Revision history for this message
David Beveridge (dage) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'lib/Agent/Helpers.pm'
2--- lib/Agent/Helpers.pm 2018-05-04 22:53:37 +0000
3+++ lib/Agent/Helpers.pm 2018-05-04 22:53:37 +0000
4@@ -168,6 +168,10 @@
5 my $config_file = $main::agent->config_file;
6 $params = '' unless defined($params);
7
8+ if ($params !~ /^[\w\. \:\-]*$/) {
9+ _exit_error("ERROR: Invalid Parameter");
10+ }
11+
12 DEBUG "Executing $path $config_file $params";
13 my $res = `$path $config_file $params 2>&1`;
14
15
16=== modified file 'lib/Agent/Helpers/Network.pm'
17--- lib/Agent/Helpers/Network.pm 2018-05-04 22:53:37 +0000
18+++ lib/Agent/Helpers/Network.pm 2018-05-04 22:53:37 +0000
19@@ -33,6 +33,10 @@
20 my $if = shift;
21 my $ip = shift;
22
23+ if ($ip !~ /^[\d\.]*$/) {
24+ _exit_error("ERROR: Invalid IP Address");
25+ }
26+
27 my $output;
28 if ($OSNAME eq 'linux') {
29 $output = `/sbin/ip addr show dev $if`;
30@@ -65,6 +69,10 @@
31 my $if = shift;
32 my $ip = shift;
33
34+ if ($ip !~ /^[\d\.]*$/) {
35+ _exit_error("ERROR: Invalid IP Address");
36+ }
37+
38 my $output;
39 if ($OSNAME eq 'linux') {
40 $output = `/sbin/ip addr add $ip/32 dev $if`;
41@@ -101,6 +109,10 @@
42 my $if = shift;
43 my $ip = shift;
44
45+ if ($ip !~ /^[\d\.]*$/) {
46+ _exit_error("ERROR: Invalid IP Address");
47+ }
48+
49 my $output;
50 if ($OSNAME eq 'linux') {
51 $output = `/sbin/ip addr del $ip/32 dev $if`;
52@@ -130,6 +142,9 @@
53 my $if = shift;
54 my $ip = shift;
55
56+ if ($ip !~ /^[\d\.]*$/) {
57+ _exit_error("ERROR: Invalid IP Address");
58+ }
59
60 if ($OSNAME eq 'linux' || $OSNAME eq 'freebsd') {
61 my $mac = '';
62
63=== modified file 'lib/Common/Role.pm'
64--- lib/Common/Role.pm 2008-12-21 20:54:31 +0000
65+++ lib/Common/Role.pm 2018-05-04 22:53:37 +0000
66@@ -59,7 +59,7 @@
67 my $class = shift;
68 my $string = shift;
69
70- if (my ($name, $ip) = $string =~ /(.*)\((.*)\)/) {
71+ if (my ($name, $ip) = $string =~ /^([\w_\.\-]+)\(([\d\.]+)\)$/) {
72 return $class->new(name => $name, ip => $ip);
73 }
74 return undef;
75
76=== modified file 'lib/Common/Socket.pm'
77--- lib/Common/Socket.pm 2009-01-14 20:28:20 +0000
78+++ lib/Common/Socket.pm 2018-05-04 22:53:37 +0000
79@@ -80,6 +80,7 @@
80 SSL_cert_file => $main::config->{'socket'}->{cert_file},
81 SSL_key_file => $main::config->{'socket'}->{key_file},
82 SSL_ca_file => $main::config->{'socket'}->{ca_file},
83+ SSL_verify_mode => 0x03 # SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT
84 );
85 }
86

Subscribers

People subscribed via source and target branches