Fixed the Privilege Escalation Vulnerability of User omm

Applicable Version

All MRS versions

Resolved Issue

Rectify the issue that user omm can use the installSudoExecute.sh script to obtain the permission of user root.

Structure of the Patch Package

install.sh: patch installation script.
ips.ini: stores the IP addresses of all nodes in the cluster. Modify this file based on the actual IP addresses of the nodes in the cluster. Each IP address occupies a line. No blank line is allowed between IP addresses. Leave a blank line at the end of the file.
scp-util.exp: SCP tool script.
ssh-util.exp: SSH tool script.
Sudo_Vulnerability_20210330: directory for storing the sudo_repair.sh script. You can copy the directory to the folder for running the script on each node.
sudo_repair.sh: script for fixing the vulnerability.
README.md: describes how to use the patch tool.

Installing the Patch

Click the address in the corresponding area of the cluster to download the patch package.
Log in to the active master node of the cluster as the root user.
Upload the patch package to /root/.
Run the following command to decompress the patch tool package MRS_All_Sudo_Vulnerability_20210330.tar.gz to the current directory (/root).
tar -zxf MRS_All_Sudo_Vulnerability_20210330.tar.gz
Run the following command to go to the directory where the ips.ini file is located.
cd /root/MRS_All_Sudo_Vulnerability_20210330/
Configure the IP addresses of all nodes in the cluster in the ips.ini file. Each IP address occupies a line. No blank line is allowed between IP addresses. Leave a blank line at the end of the file.
Run the following script to install the patch.
After the script is run, you need to enter the correct password of user root. If the password is incorrect, the account may be locked for 5 minutes.

cd /root/MRS_All_Sudo_Vulnerability_20210330/

dos2unix ./*

chmod +x ./* -R

sh install.sh "install"

Uninstalling a Patch

Run the following script to uninstall the patch. After the script is run, you need to enter the correct password of user root. If the password is incorrect, the account may be locked for 5 minutes during the SSH process of the script.

cd /root/MRS_All_Sudo_Vulnerability_20210330/

sh install.sh "uninstall"

Parent topic: MRS Patch Description

Previous topic: MRS Patch Description

Next topic: MRS 3.2.0-LTS.1 Patch Description

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel