Multi-Master Replication Manager for MySQL mmm_agentd Remote Command Injection Vulnerabilities
Bug #1736962 reported by
Talos Security Advisory
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mysql-mmm |
Fix Released
|
High
|
David Beveridge |
Bug Description
Multiple exploitable remote command injection vulnerabilities exist
in the MySQL Master-Master Replication Manager (MMM) mmm_agentd
daemon 2.2.1. mmm_agentd commonly runs with root privileges and does not
require authentication by default.
Related branches
lp:~dage/mysql-mmm/cve-fix
- David Beveridge: Approve
-
Diff: 85 lines (+21/-1)4 files modifiedlib/Agent/Helpers.pm (+4/-0)
lib/Agent/Helpers/Network.pm (+15/-0)
lib/Common/Role.pm (+1/-1)
lib/Common/Socket.pm (+1/-0)
CVE References
Changed in mysql-mmm: | |
importance: | Undecided → High |
information type: | Private Security → Public |
Changed in mysql-mmm: | |
status: | Confirmed → Fix Released |
To post a comment you must log in.
This issue is beyond 90 days. Will it be assigned?