Security Advisory

Created by David Beveridge
Last updated by: David Beveridge

Publication Date 2018-05-07
TALOS-2017-0501
CVE-2017-14474 - CVE-2017-14481

Multi-Master Replication Manager for MySQL mmm_agentd Remote Command Injection Vulnerabilities

Multiple exploitable remote command injection vulnerabilities exist
in version 2.2.1 of the mmm_agentd daemon of the MySQL Master-Master
Replication Manager (MMM). mmm_agentd commonly runs with root
privileges and does not require authentication by default. A
specially crafted MMM protocol message can cause a shell command
injection, resulting in arbitrary command execution with the
privileges of the mmm_agentd process. An attacker that can initiate
a TCP session with mmm_agentd can trigger these vulnerabilities.

The impact of these vulnerabilities can be lessened by configuring
mmm_agentd to require TLS mutual authentication and by using network
ACLs to prevent hosts other than legitimate mmm_mond hosts from
accessing mmm_agentd.

For example, on Linux, iptables rules can be used to block access to
the port mmm_agentd listens on from all hosts except the mmm_mond
(monitor) host.
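The following script is an added example, not part of the advisory or of
the MySQL-MMM project. It generates the iptables rules described above:
one ACCEPT per trusted mmm_mond host for the agent port, followed by a DROP
for every other source. The agent port 9989 used in the usage guard is an
assumption (MMM's documented default agent_port); substitute whatever your
mmm_common.conf sets. The monitor addresses are passed on the command line,
and rules are only printed unless APPLY=1 is set, so the script can be
reviewed before it touches the firewall.

```shell
#!/bin/sh
# Added example (not from the advisory or the MySQL-MMM project): restrict
# the mmm_agentd listener to the mmm_mond host(s) with iptables.
# Assumptions: TCP port is given as the first argument (9989 is MMM's
# documented default agent_port, adjust to your config); remaining
# arguments are the monitor addresses allowed to reach the agent.

# Print the rule set for port "$1" and the trusted monitor hosts "$@".
mmm_agent_rules() {
    port="$1"; shift
    # One ACCEPT per legitimate mmm_mond host ...
    for host in "$@"; do
        printf 'iptables -A INPUT -p tcp --dport %s -s %s -j ACCEPT\n' "$port" "$host"
    done
    # ... then drop the agent port for everyone else.
    printf 'iptables -A INPUT -p tcp --dport %s -j DROP\n' "$port"
}

# Dry-run by default; execute the generated rules only when APPLY=1.
apply_or_print() {
    if [ "${APPLY:-0}" = "1" ]; then
        mmm_agent_rules "$@" | sh -e
    else
        mmm_agent_rules "$@"
    fi
}

# Stand-alone usage: sh restrict_agent.sh 9989 192.0.2.10 192.0.2.11
# (192.0.2.x are constructed documentation addresses, not real monitors).
if [ $# -gt 0 ]; then
    apply_or_print "$@"
fi
```

Run it first without APPLY to inspect the rules; the DROP rule is appended
after the ACCEPTs, so rule order in the INPUT chain is what enforces the
allow-list.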

SSL/TLS can be configured on the MMM socket where firewall rules are not
practical. See the Socket section of the MMM documentation:
http://mysql-mmm.org/mysql-mmm.html#SEC58

Add the following to mmm_common.conf:
<socket>
    type ssl
    cert_file /etc/ssl/certs/www.example.com.bundle.crt
    key_file /etc/ssl/certs/www.example.com.key
    ca_file /etc/ssl/certs/ca-bundle.crt # or ca-certificates.crt
</socket>

Now only those with access to the private key can send commands.
Whilst your web server certificate will do the job, you may consider
obtaining a dedicated certificate just for this task.
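As an added example (not from the advisory or the MySQL-MMM project), the
script below audits an mmm_common.conf and reports whether its <socket>
block carries the settings shown above: type ssl together with cert_file,
key_file and ca_file. It assumes MMM's own config syntax (a <socket> ...
</socket> block of "key value" lines with "#" comments) and includes two
constructed sample configs, one hardened and one plaintext, so it can be
exercised without a real installation.

```shell
#!/bin/sh
# Added example, not part of the advisory or MySQL-MMM: check that
# mmm_common.conf enforces TLS on the MMM socket as the advisory recommends.
# Assumes MMM config syntax: <socket>...</socket> with "key value" lines.

# Print "key value" pairs found inside the <socket> block, comments stripped.
socket_settings() {
    awk '
        /^[[:space:]]*<socket>/   { inblock = 1; next }
        /^[[:space:]]*<\/socket>/ { inblock = 0 }
        inblock {
            sub(/#.*/, "")                  # drop trailing comments
            if ($1 != "" && $2 != "") print $1, $2
        }' "$1"
}

# Return 0 if the socket block requires ssl with all three files, 1 otherwise.
check_mmm_socket() {
    settings="$(socket_settings "$1")"
    status=0
    case "$settings" in
        *"type ssl"*) ;;
        *) echo "socket type is not ssl: plaintext MMM protocol accepted"; status=1 ;;
    esac
    for key in cert_file key_file ca_file; do
        case "$settings" in
            *"$key "*) ;;
            *) echo "missing $key in <socket> block"; status=1 ;;
        esac
    done
    return $status
}

# Constructed sample configs (not real deployments); $1 = path, $2 = ssl|plain.
write_sample_conf() {
    if [ "$2" = "ssl" ]; then
        cat > "$1" <<'EOF'
<socket>
    type ssl
    cert_file /etc/ssl/certs/mmm-agent.crt
    key_file /etc/ssl/certs/mmm-agent.key
    ca_file /etc/ssl/certs/ca-bundle.crt # or ca-certificates.crt
</socket>
EOF
    else
        cat > "$1" <<'EOF'
<socket>
    type plain
</socket>
EOF
    fi
}

# Stand-alone usage: sh audit_mmm.sh /etc/mysql-mmm/mmm_common.conf
if [ $# -gt 0 ]; then
    check_mmm_socket "$1"
fi
```

A non-zero exit with a printed reason makes the check usable from a
configuration-management run or a cron job, so a socket block that silently
drops back to plaintext is noticed rather than assumed hardened.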

NOTE: By now there are some good alternatives to MySQL-MMM.
      You may want to check out Galera Cluster, which is part
      of MariaDB Galera Cluster and Percona XtraDB Cluster.

http://mysql-mmm.org
http://galeracluster.com/
https://mariadb.com/kb/en/library/what-is-mariadb-galera-cluster/
https://www.percona.com/software/mysql-database/percona-xtradb-cluster