Fix memcached unserialize vulnerability (#14459)
Allows code injection, so remove it entirely. This requires a memcached application script to restore functionality. https://github.com/librenms/librenms-agent/pull/428
@@ -909,10 +909,10 @@ pass .1.3.6.1.4.1.3582 /usr/sbin/lsi_mrdsnmpmain
|
||||
### SNMP Extend
|
||||
|
||||
1. Copy the [memcached
|
||||
script](https://github.com/librenms/librenms-agent/blob/master/agent-local/memcached)
|
||||
script](https://github.com/librenms/librenms-agent/blob/master/snmp/memcached)
|
||||
to `/etc/snmp/` on your remote server.
|
||||
```
|
||||
wget https://raw.githubusercontent.com/librenms/librenms-agent/master/agent-local/memcached -O /etc/snmp/memcached
|
||||
wget https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/memcached -O /etc/snmp/memcached
|
||||
```
|
||||
|
||||
2. Make the script executable:
|
||||
|
@@ -1,20 +1,25 @@
|
||||
<?php
|
||||
|
||||
use LibreNMS\Exceptions\JsonAppException;
|
||||
use LibreNMS\RRD\RrdDefinition;
|
||||
|
||||
$name = 'memcached';
|
||||
|
||||
if (! empty($agent_data['app']['memcached'])) {
|
||||
$data = $agent_data['app']['memcached'][$app['app_instance']];
|
||||
$data = $agent_data['app']['memcached'];
|
||||
} else {
|
||||
$oid = '.1.3.6.1.4.1.8072.1.3.2.3.1.2.9.109.101.109.99.97.99.104.101.100';
|
||||
$result = snmp_get($device, $oid, '-Oqv');
|
||||
$data = trim($result, '"');
|
||||
$data = unserialize(stripslashes(str_replace("<<<app-memcached>>>\n", '', $data)));
|
||||
$data = reset($data);
|
||||
}
|
||||
try {
|
||||
$data = json_app_get($device, $name, '1.1')['data'];
|
||||
$data = $data['data'][$app->app_instance] ?? reset($data['data']);
|
||||
} catch (JsonAppException $e) {
|
||||
echo PHP_EOL . $name . ':' . $e->getCode() . ':' . $e->getMessage() . PHP_EOL;
|
||||
update_application($app, $e->getCode() . ':' . $e->getMessage(), []); // Set empty metrics and error message
|
||||
|
||||
echo ' memcached(' . $app['app_instance'] . ')';
|
||||
return;
|
||||
}
|
||||
}
|
||||
echo ' memcached(' . $app->app_instance . ')';
|
||||
$data = $data[$app->app_instance] ?? reset($data); // specified instance or just the first one
|
||||
|
||||
$rrd_name = ['app', $name, $app->app_id];
|
||||
$rrd_def = RrdDefinition::make()
|
||||
|
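Review bot: On the SNMP branch the instance appears to be selected twice, once by `$data = $data['data'][$app->app_instance] ?? reset($data['data']);` inside the `try` and again by `$data = $data[$app->app_instance] ?? reset($data);` after the `if`/`else`, so the second lookup would run against a single instance's stats and its `reset()` fallback would return one value instead of an instance. The rendering lost the +/- markers, but the header's new-side count of 25 only adds up with both lines on the new side; the JSON shape is not visible here, so confirm it against the extend script's output. Both lookups also index device-supplied data without a shape check, and on PHP 8 `reset()` on a non-array throws a `TypeError` that `catch (JsonAppException $e)` does not handle. I would keep a single selection and guard it, e.g. `if (! is_array($data)) { update_application($app, 'memcached: unexpected data', []); return; }` before the final lookup. The file continues past the end of the hunk.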
@@ -159,7 +159,7 @@ if ($device['os_group'] == 'unix' || $device['os'] == 'windows') {
|
||||
|
||||
// memcached
|
||||
if (! empty($agent_data['app']['memcached'])) {
|
||||
$agent_data['app']['memcached'] = unserialize($agent_data['app']['memcached']);
|
||||
$agent_data['app']['memcached'] = json_decode($agent_data['app']['memcached'], true);
|
||||
foreach ($agent_data['app']['memcached'] as $memcached_host => $memcached_data) {
|
||||
if (dbFetchCell('SELECT COUNT(*) FROM `applications` WHERE `device_id` = ? AND `app_type` = ? AND `app_instance` = ?', [$device['device_id'], 'memcached', $memcached_host]) == '0') {
|
||||
echo "Found new application 'Memcached' $memcached_host\n";
|
||||
|
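Review bot: The result of `json_decode()` is assigned back and passed straight to `foreach` without a type check; for input that is not a JSON object, such as an agent script that still emits the old serialized format, it is `null` (or a scalar) and the loop raises a warning instead of reporting the outdated script. Decode into a local first, `$decoded = json_decode($agent_data['app']['memcached'], true);`, and only assign and iterate when `is_array($decoded)` holds, logging the mismatch otherwise. `$memcached_host` is a device-supplied key that is echoed and used as the `app_instance` value in the query, so a length and character check on it would be worth adding as well. The `foreach` body continues outside the hunk.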
@@ -88,5 +88,10 @@
|
||||
<description>Adsl statistics are now discovered and polled in a new module. Vdsl stats were also added. `lnms config:set enable_ports_adsl true`is not supported anymore. See https://github.com/librenms/librenms/pull/14207 for more information.</description>
|
||||
<pubDate>Wed, 7 Sept 2022 18:00:00 +0000</pubDate>
|
||||
</item>
|
||||
<item>
|
||||
<title>Memcached application compatibility break</title>
|
||||
<description>Due to a security vulnerability, you must upgrade your memcached application scripts to the latest version. (1.1)</description>
|
||||
<pubDate>Fri, 10 Oct 2022 18:00:00 +0000</pubDate>
|
||||
</item>
|
||||
</channel>
|
||||
</rss>
|
||||
|