bevhost / rpms / mysql-mmm

Forked from rpms/mysql-mmm 6 years ago

d84a609 Fix TALOS-2017-0501, CVE-2017-14474 - CVE-2017-14481

Authored and Committed by bevhost 6 years ago
    Fix TALOS-2017-0501, CVE-2017-14474 - CVE-2017-14481
    
    Multiple exploitable remote command injection vulnerabilities exist
    in the MySQL Master-Master Replication Manager (MMM) mmm_agentd
    daemon 2.2.1. mmm_agentd commonly runs with root privileges and does not
    require authentication by default.  A specially crafted MMM protocol
    message can cause a shell command injection resulting in arbitrary
    command execution with the privileges of the mmm_agentd process.  An
    attacker that can initiate a TCP session with mmm_agentd can trigger
    these vulnerabilities.
    
        
file modified
+7 -1