Merge lp:~dage/mysql-mmm/cve-fix into lp:mysql-mmm
Proposed by David Beveridge
Status: | Merged |
---|---|
Merged at revision: | 149 |
Proposed branch: | lp:~dage/mysql-mmm/cve-fix |
Merge into: | lp:mysql-mmm |
Prerequisite: | lp:~dage/mysql-mmm/fix-net-arp |
Diff against target: | 85 lines (+21/-1), 4 files modified: lib/Agent/Helpers.pm (+4/-0), lib/Agent/Helpers/Network.pm (+15/-0), lib/Common/Role.pm (+1/-1), lib/Common/Socket.pm (+1/-0) |
To merge this branch: | bzr merge lp:~dage/mysql-mmm/cve-fix |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
David Beveridge | Approve | ||
Review via email: mp+345119@code.launchpad.net |
Commit message
Fix for TALOS-2017-0501; CVE-2017-14474 - CVE-2017-14481
Multi-Master Replication Manager for MySQL mmm_agentd Remote Command Injection Vulnerabilities
Multiple exploitable remote command injection vulnerabilities exist
in the MySQL Master-Master Replication Manager (MMM) mmm_agentd
daemon 2.2.1. mmm_agentd commonly runs with root privileges and does not
require authentication by default. A specially crafted MMM protocol
message can cause a shell command injection resulting in arbitrary
command execution with the privileges of the mmm_agentd process. An
attacker that can initiate a TCP session with mmm_agentd can trigger
these vulnerabilities.