This update adds data sanitization to inputs for the mmm agent.
Multiple exploitable remote command injection vulnerabilities exist in the MySQL Master-Master Replication Manager (MMM) mmm_agentd daemon 2.2.1. mmm_agentd commonly runs with root privileges and does not require authentication by default. A specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm_agentd process. An attacker that can initiate a TCP session with mmm_agentd can trigger these vulnerabilities.
The impact of these vulnerabilities can be lessened by configuring mmm_agentd to require TLS mutual authentication and by using network ACLs to prevent hosts other than legitimate mmm_mond hosts from accessing mmm_agentd.
For example on Linux iptables rules can be used to block access to the port mmm_agent is listening on from all hosts except the mmm_monitor.
The configuration of ssl can be used where firewall rules are not practical. See Socket Documentation http://mysql-mmm.org/mysql-mmm.html#SEC58
Add to mmm_common.conf
<socket> type ssl cert_file /etc/ssl/certs/www.example.com.bundle.crt key_file /etc/ssl/certs/www.example.com.key ca_file /etc/ssl/certs/ca-bundle.crt # or ca-certificates.crt </socket>
Now only those with access to the private key can send commands. Whilst your web server certificate will do the job, you may consider registering a dedicated certificate just for this task.
NOTE: By now there are a some good alternatives to MySQL-MMM. Maybe you want to check out Galera Cluster which is part of MariaDB Galera Cluster and Percona XtraDB Cluster.
Please login to add feedback.
|submitted||a year ago|
|in testing||a year ago|
|in stable||a year ago|
|0||0||#1575161 Invalid bug number|