Help Center > > User Guide> Managing an Existing Cluster> MRS Patch Description> Fixed the Privilege Escalation Vulnerability of User omm

Fixed the Privilege Escalation Vulnerability of User omm

Updated at: Sep 02, 2021 GMT+08:00

Applicable Version

All MRS versions

Resolved Issue

Rectify the issue that user omm can use the installSudoExecute.sh script to obtain the permission of user root.

Structure of the Patch Package

  • install.sh: patch installation script.
  • ips.ini: stores the IP addresses of all nodes in the cluster. Modify this file based on the actual IP addresses of the nodes in the cluster. Each IP address occupies a line. No blank line is allowed between IP addresses. Leave a blank line at the end of the file.
  • scp-util.exp: SCP tool script.
  • ssh-util.exp: SSH tool script.
  • Sudo_Vulnerability_20210330: directory for storing the sudo_repair.sh script. You can copy the directory to the folder for running the script on each node.
  • sudo_repair.sh: script for fixing the vulnerability.
  • README.md: describes how to use the patch tool.

Installing the Patch

  1. Click the address in the corresponding area of the cluster to download the patch package.

  2. Log in to the active master node of the cluster as the root user.
  3. Upload the patch package to /root/.
  4. Run the following command to decompress the patch tool package MRS_All_Sudo_Vulnerability_20210330.tar.gz to the current directory (/root).

    tar -zxf MRS_All_Sudo_Vulnerability_20210330.tar.gz

  5. Run the following command to go to the directory where the ips.ini file is located.

    cd /root/MRS_All_Sudo_Vulnerability_20210330/

  6. Configure the IP addresses of all nodes in the cluster in the ips.ini file. Each IP address occupies a line. No blank line is allowed between IP addresses. Leave a blank line at the end of the file.
  7. Run the following script to install the patch.

    After the script is run, you need to enter the correct password of user root. If the password is incorrect, the account may be locked for 5 minutes.

    cd /root/MRS_All_Sudo_Vulnerability_20210330/

    dos2unix ./*

    chmod +x ./* -R

    sh install.sh "install"

Uninstalling a Patch

Run the following script to uninstall the patch. After the script is run, you need to enter the correct password of user root. If the password is incorrect, the account may be locked for 5 minutes during the SSH process of the script.

cd /root/MRS_All_Sudo_Vulnerability_20210330/

sh install.sh "uninstall"

Did you find this page helpful?

Submit successfully!

Thank you for your feedback. Your feedback helps make our documentation better.

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?







Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel