Detections
Analytics
Fedora 27 : mysql-mmm (2018-e31f52c5ee)
high Nessus Plugin ID 109825
Language:
Synopsis
The remote Fedora host is missing a security update.Description
# Multi-Master Replication Manager for MySQL mmm_agentd Remote Command Injection VulnerabilitiesThis update adds data sanitization to inputs for the mmm agent.
Multiple exploitable remote command injection vulnerabilities exist in the MySQL Master-Master Replication Manager (MMM) mmm_agentd daemon 2.2.1. mmm_agentd commonly runs with root privileges and does not require authentication by default. A specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm_agentd process. An attacker that can initiate a TCP session with mmm_agentd can trigger these vulnerabilities.
The impact of these vulnerabilities can be lessened by configuring mmm_agentd to require TLS mutual authentication and by using network ACLs to prevent hosts other than legitimate mmm_mond hosts from accessing mmm_agentd.
For example on Linux iptables rules can be used to block access to the port mmm_agent is listening on from all hosts except the mmm_monitor.
The configuration of ssl can be used where firewall rules are not practical. See Socket Documentation http://mysql-mmm.org/mysql-mmm.html#SEC58
Add to mmm_common.conf
<socket> type ssl cert_file /etc/ssl/certs/www.example.com.bundle.crt key_file /etc/ssl/certs/www.example.com.key ca_file /etc/ssl/certs/ca-bundle.crt # or ca-certificates.crt </socket>
Now only those with access to the private key can send commands.
Whilst your web server certificate will do the job, you may consider registering a dedicated certificate just for this task.
NOTE: By now there are a some good alternatives to MySQL-MMM. Maybe you want to check out Galera Cluster which is part of MariaDB Galera Cluster and Percona XtraDB Cluster.
- http://mysql-mmm.org
- http://galeracluster.com/
- https://mariadb.com/kb/en/library/what-is-mariadb-galera-cluster/
- https://www.percona.com/software/mysql-database/percona-xtradb-cluster
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected mysql-mmm package.See Also
https://bodhi.fedoraproject.org/updates/FEDORA-2018-e31f52c5ee
Plugin Details
Severity: High
ID: 109825
File Name: fedora_2018-e31f52c5ee.nasl
Version: 1.4
Type: local
Agent: unix
Family: Fedora Local Security Checks
Published: 5/16/2018
Updated: 1/6/2021
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Vulnerability Information
CPE: p-cpe:/a:fedoraproject:fedora:mysql-mmm, cpe:/o:fedoraproject:fedora:27
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list
Patch Publication Date: 5/15/2018
Vulnerability Publication Date: 5/15/2018
Reference Information
FEDORA: 2018-e31f52c5ee