Fix memcached unserialize vulnerability (#14459)

The unserialize() call allows code injection, so remove it entirely.
This requires a memcached application script to restore functionality.

https://github.com/librenms/librenms-agent/pull/428
This commit is contained in:
Tony Murray
2022-10-16 11:15:17 -05:00
committed by GitHub
parent 8e85698aa3
commit ae3925b09a
4 changed files with 21 additions and 11 deletions


@@ -909,10 +909,10 @@ pass .1.3.6.1.4.1.3582 /usr/sbin/lsi_mrdsnmpmain
### SNMP Extend
1. Copy the [memcached
script](https://github.com/librenms/librenms-agent/blob/master/agent-local/memcached)
script](https://github.com/librenms/librenms-agent/blob/master/snmp/memcached)
to `/etc/snmp/` on your remote server.
```
wget https://raw.githubusercontent.com/librenms/librenms-agent/master/agent-local/memcached -O /etc/snmp/memcached
wget https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/memcached -O /etc/snmp/memcached
```
2. Make the script executable:


@@ -1,20 +1,25 @@
<?php
use LibreNMS\Exceptions\JsonAppException;
use LibreNMS\RRD\RrdDefinition;
$name = 'memcached';
if (! empty($agent_data['app']['memcached'])) {
$data = $agent_data['app']['memcached'][$app['app_instance']];
$data = $agent_data['app']['memcached'];
} else {
$oid = '.1.3.6.1.4.1.8072.1.3.2.3.1.2.9.109.101.109.99.97.99.104.101.100';
$result = snmp_get($device, $oid, '-Oqv');
$data = trim($result, '"');
$data = unserialize(stripslashes(str_replace("<<<app-memcached>>>\n", '', $data)));
$data = reset($data);
}
try {
$data = json_app_get($device, $name, '1.1')['data'];
$data = $data['data'][$app->app_instance] ?? reset($data['data']);
} catch (JsonAppException $e) {
echo PHP_EOL . $name . ':' . $e->getCode() . ':' . $e->getMessage() . PHP_EOL;
update_application($app, $e->getCode() . ':' . $e->getMessage(), []); // Set empty metrics and error message
echo ' memcached(' . $app['app_instance'] . ')';
return;
}
}
echo ' memcached(' . $app->app_instance . ')';
$data = $data[$app->app_instance] ?? reset($data); // specified instance or just the first one
$rrd_name = ['app', $name, $app->app_id];
$rrd_def = RrdDefinition::make()
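Review bot: The fallback in `$data = $data[$app->app_instance] ?? reset($data); // specified instance or just the first one` assumes `$data` is a non-empty array, but neither branch above establishes that: the agent value comes straight out of the decoded agent output and the SNMP branch takes `json_app_get(...)['data']` without checking the key is present or an array, and `reset()` on a non-array throws a TypeError under PHP 8 while `reset([])` yields `false` that then flows into the RRD update. A guard before the instance lookup keeps a malformed response from aborting the poller, e.g. `if (! is_array($data) || $data === []) { update_application($app, 'no memcached data returned', []); return; }`. Separately, if both `$data = json_app_get($device, $name, '1.1')['data'];` and `$data = $data['data'][$app->app_instance] ?? reset($data['data']);` are on the new side, the `data` key is indexed twice and the second statement can never find the instance; this page does not mark which of the two lines is old, so please confirm which one is intended. The file continues past this hunk.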


@@ -159,7 +159,7 @@ if ($device['os_group'] == 'unix' || $device['os'] == 'windows') {
// memcached
if (! empty($agent_data['app']['memcached'])) {
$agent_data['app']['memcached'] = unserialize($agent_data['app']['memcached']);
$agent_data['app']['memcached'] = json_decode($agent_data['app']['memcached'], true);
foreach ($agent_data['app']['memcached'] as $memcached_host => $memcached_data) {
if (dbFetchCell('SELECT COUNT(*) FROM `applications` WHERE `device_id` = ? AND `app_type` = ? AND `app_instance` = ?', [$device['device_id'], 'memcached', $memcached_host]) == '0') {
echo "Found new application 'Memcached' $memcached_host\n";
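Review bot: `$agent_data['app']['memcached'] = json_decode($agent_data['app']['memcached'], true);` decodes data supplied by the remote agent without checking the result: malformed or truncated output decodes to `null` or a scalar, the `foreach` on the next line then emits a warning, and the application is silently never discovered. Since a throw here would abort discovery of the whole device, prefer a shape check over `JSON_THROW_ON_ERROR`, e.g. `$decoded = json_decode($agent_data['app']['memcached'], true);` followed by `if (! is_array($decoded)) { d_echo("memcached: invalid agent data\n"); } else { foreach ($decoded as ...` — with the loop body unchanged. Replacing `unserialize` with `json_decode` is the right fix for the injection path; the decoded value is now plain arrays, so downstream code that previously received objects should be checked for `->` property access. The enclosing `if` block closes outside this hunk.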


@@ -88,5 +88,10 @@
<description>Adsl statistics are now discovered and polled in a new module. Vdsl stats were also added. `lnms config:set enable_ports_adsl true`is not supported anymore. See https://github.com/librenms/librenms/pull/14207 for more information.</description>
<pubDate>Wed, 7 Sept 2022 18:00:00 +0000</pubDate>
</item>
<item>
<title>Memcached application compatibility break</title>
<description>Due to a security vulnerability, you must upgrade your memcached application scripts to the latest version. (1.1)</description>
<pubDate>Fri, 10 Oct 2022 18:00:00 +0000</pubDate>
</item>
</channel>
</rss>