| |
@@ -0,0 +1,87 @@
|
| |
+ diff --git a/lib/Agent/Helpers.pm b/lib/Agent/Helpers.pm
|
| |
+ index 24caae8..c0155e4 100644
|
| |
+ --- a/lib/Agent/Helpers.pm
|
| |
+ +++ b/lib/Agent/Helpers.pm
|
| |
+ @@ -168,6 +168,10 @@ sub _execute($$$) {
|
| |
+ my $config_file = $main::agent->config_file;
|
| |
+ $params = '' unless defined($params);
|
| |
+
|
| |
+ + if ($params !~ /^[\w\. \:\-]*$/) {
|
| |
+ + _exit_error("ERROR: Invalid Parameter");
|
| |
+ + }
|
| |
+ +
|
| |
+ DEBUG "Executing $path $config_file $params";
|
| |
+ my $res = `$path $config_file $params 2>&1`;
|
| |
+
|
| |
+ diff --git a/lib/Agent/Helpers/Network.pm b/lib/Agent/Helpers/Network.pm
|
| |
+ index 8ef4468..b0d5a8b 100644
|
| |
+ --- a/lib/Agent/Helpers/Network.pm
|
| |
+ +++ b/lib/Agent/Helpers/Network.pm
|
| |
+ @@ -33,6 +33,10 @@ sub check_ip($$) {
|
| |
+ my $if = shift;
|
| |
+ my $ip = shift;
|
| |
+
|
| |
+ + if ($ip !~ /^[\d\.]*$/) {
|
| |
+ + _exit_error("ERROR: Invalid IP Address");
|
| |
+ + }
|
| |
+ +
|
| |
+ my $output;
|
| |
+ if ($OSNAME eq 'linux') {
|
| |
+ $output = `/sbin/ip addr show dev $if`;
|
| |
+ @@ -65,6 +69,10 @@ sub add_ip($$) {
|
| |
+ my $if = shift;
|
| |
+ my $ip = shift;
|
| |
+
|
| |
+ + if ($ip !~ /^[\d\.]*$/) {
|
| |
+ + _exit_error("ERROR: Invalid IP Address");
|
| |
+ + }
|
| |
+ +
|
| |
+ my $output;
|
| |
+ if ($OSNAME eq 'linux') {
|
| |
+ $output = `/sbin/ip addr add $ip/32 dev $if`;
|
| |
+ @@ -101,6 +109,10 @@ sub clear_ip($$) {
|
| |
+ my $if = shift;
|
| |
+ my $ip = shift;
|
| |
+
|
| |
+ + if ($ip !~ /^[\d\.]*$/) {
|
| |
+ + _exit_error("ERROR: Invalid IP Address");
|
| |
+ + }
|
| |
+ +
|
| |
+ my $output;
|
| |
+ if ($OSNAME eq 'linux') {
|
| |
+ $output = `/sbin/ip addr del $ip/32 dev $if`;
|
| |
+ @@ -130,6 +142,9 @@ sub send_arp($$) {
|
| |
+ my $if = shift;
|
| |
+ my $ip = shift;
|
| |
+
|
| |
+ + if ($ip !~ /^[\d\.]*$/) {
|
| |
+ + _exit_error("ERROR: Invalid IP Address");
|
| |
+ + }
|
| |
+
|
| |
+ if ($OSNAME eq 'linux' || $OSNAME eq 'freebsd') {
|
| |
+ my $mac = '';
|
| |
+ diff --git a/lib/Common/Role.pm b/lib/Common/Role.pm
|
| |
+ index 7cd4dc9..211ab5f 100644
|
| |
+ --- a/lib/Common/Role.pm
|
| |
+ +++ b/lib/Common/Role.pm
|
| |
+ @@ -59,7 +59,7 @@ sub from_string($$) {
|
| |
+ my $class = shift;
|
| |
+ my $string = shift;
|
| |
+
|
| |
+ - if (my ($name, $ip) = $string =~ /(.*)\((.*)\)/) {
|
| |
+ + if (my ($name, $ip) = $string =~ /^([\w_\.\-]+)\(([\d\.]+)\)$/) {
|
| |
+ return $class->new(name => $name, ip => $ip);
|
| |
+ }
|
| |
+ return undef;
|
| |
+ diff --git a/lib/Common/Socket.pm b/lib/Common/Socket.pm
|
| |
+ index 6adecd1..38e1f7b 100644
|
| |
+ --- a/lib/Common/Socket.pm
|
| |
+ +++ b/lib/Common/Socket.pm
|
| |
+ @@ -80,6 +80,7 @@ sub create_sender($$$) {
|
| |
+ SSL_cert_file => $main::config->{'socket'}->{cert_file},
|
| |
+ SSL_key_file => $main::config->{'socket'}->{key_file},
|
| |
+ SSL_ca_file => $main::config->{'socket'}->{ca_file},
|
| |
+ + SSL_verify_mode => 0x03 # SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT
|
| |
+ );
|
| |
+ }
|
| |
+
|
| |
Multiple exploitable remote command injection vulnerabilities exist
in the MySQL Master-Master Replication Manager (MMM) mmm_agentd
daemon 2.2.1. mmm_agentd commonly runs with root privileges and does not
require authentication by default. A specially crafted MMM protocol
message can cause a shell command injection resulting in arbitrary
command execution with the privileges of the mmm_agentd process. An
attacker that can initiate a TCP session with mmm_agentd can trigger
these vulnerabilities.