A clarification about the "debian-sys-maint" vulnerability reported by AWS Marketplace

You may have received an email from the AWS Marketplace indicating a possible vulnerability in Cloud Protection Manager. The content of that email is included at the bottom of this article.

 

IMPORTANT: Your data was not breached and is not in any danger of being breached.

 

This is a very low risk issue because:

  1. MySQL doesn't listen on any external ports.
  2. To use this password, a user first needs to connect to the CPM instance over SSH (using your private key). A user who can do that can already access the information on the instance anyway, and if the instance has an IAM Role applied to it, that user can cause damage to your entire environment without ever looking in the MySQL database. Instance access must be secured regardless of CPM.
  3. All the sensitive data (passwords, secret keys) in the database is encrypted.

 

If you are concerned about this issue, you can take the following steps to change the password and delete the file:

  1. Log in to MySQL as the "debian-sys-maint" user:

     mysql -u debian-sys-maint -p%oldpassword%

     (replace %oldpassword% with the password listed in /etc/mysql/debian.cnf)

  2. Set a new password:

     SET PASSWORD = PASSWORD('%newpassword%');

     (replace %newpassword% with the new password)

  3. Exit from MySQL:

     exit

  4. Delete the file that holds the old password:

     sudo rm /etc/mysql/debian.cnf

Now the password is no longer the default one, and it's not contained in clear text form anywhere.


========================================================================

Please note that if you receive error 1045:
mysql -u debian-sys-maint -p%<password>%
ERROR 1045 (28000): Access denied for user 'debian-sys-maint'@'localhost' (using password: YES)

You can upgrade to v2.1.3c, which resolves this issue completely without any involvement from you.
Please use the upgrade instructions in chapter 1.5.5 "Upgrading the CPM Server Instance" in our User Guide at http://www.n2ws.com/images/PDF/CPMUserGuide.pdf
========================================================================

CPM doesn't use this file; the "debian-sys-maint" user is managed by the MySQL update process.

Please note that if you run "sudo apt-get dist-upgrade" in the future, this file may be recreated by Ubuntu (with a new random password), and you may have to repeat this procedure.

 

In CPM versions newer than 2.1.3b, this file doesn't exist by default, but it can still be created by "sudo apt-get dist-upgrade".
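The following script is an added example; it is not part of this article, of CPM, or of the Ubuntu MySQL packaging. It wraps the procedure above and the dist-upgrade caveat: it parses the "debian-sys-maint" password out of a debian.cnf-style file, reports whether the clear-text file is present (so you can re-check after an upgrade), and, only when invoked with "rotate", runs the same SET PASSWORD statement given above and removes the file. The file path is the one named in this article; the DEBIAN_CNF variable, the function names and the "demo" sample file are assumptions made for the example.

```shell
#!/bin/sh
# Added example; not part of the N2WS article or of CPM itself.
# Parses the debian-sys-maint password from a debian.cnf-style file, reports
# whether the file exists, and (only on "rotate") changes the password with the
# article's SET PASSWORD statement and removes the file.
# DEBIAN_CNF, the function names and the demo sample are assumptions.

DEBIAN_CNF="${DEBIAN_CNF:-/etc/mysql/debian.cnf}"

# Print the password from the [client] section of a debian.cnf-style file.
# Returns 1 when the file is absent, which is the state after the procedure.
debian_cnf_password() {
    f="$1"
    [ -f "$f" ] || return 1
    awk '
        /^\[/ { section = $0 }
        section == "[client]" && /^[ \t]*password[ \t]*=/ {
            sub(/^[ \t]*password[ \t]*=[ \t]*/, "")  # keep only the value
            gsub(/^"|"$/, "")                       # tolerate a quoted value
            print
            exit
        }
    ' "$f"
}

# "present" if the clear-text file exists, "absent" otherwise. Run this after
# any "sudo apt-get dist-upgrade" to see whether Ubuntu recreated the file.
debian_cnf_state() {
    if [ -f "$1" ]; then echo present; else echo absent; fi
}

# Rotate the password with the statement from the article, then remove the file.
# Needs the mysql client and sudo; never run by the demo or the tests.
rotate_debian_sys_maint() {
    old=$(debian_cnf_password "$DEBIAN_CNF") || { echo "$DEBIAN_CNF not found: nothing to do"; return 0; }
    [ -n "$old" ] || { echo "no [client] password in $DEBIAN_CNF" >&2; return 1; }
    # 24 random alphanumeric characters; safe to place inside the SQL quotes.
    new=$(head -c 48 /dev/urandom | base64 | tr -d '/+=\n' | head -c 24)
    if ! mysql -u debian-sys-maint -p"$old" -e "SET PASSWORD = PASSWORD('$new');"; then
        # Error 1045 here is the case the article covers: upgrade to v2.1.3c.
        echo "SET PASSWORD failed; if this was error 1045, upgrade CPM to v2.1.3c" >&2
        return 1
    fi
    sudo rm -f "$DEBIAN_CNF"
    echo "password of debian-sys-maint rotated and $DEBIAN_CNF removed"
}

# Self-contained demo on a constructed sample (not a real instance's file):
# writes it to a temp dir, parses it, removes it, and prints the parsed value.
demo_debian_cnf() {
    d=$(mktemp -d)
    printf '[client]\nhost = localhost\nuser = debian-sys-maint\npassword = Abc123xyz\n[mysql_upgrade]\nuser = debian-sys-maint\npassword = Abc123xyz\n' > "$d/debian.cnf"
    debian_cnf_password "$d/debian.cnf"
    rm -r "$d"
}

case "${1:-}" in
    rotate) rotate_debian_sys_maint ;;
    check)  echo "$DEBIAN_CNF: $(debian_cnf_state "$DEBIAN_CNF")" ;;
    demo)   demo_debian_cnf ;;
esac
```

Run it as "sh rotate-debian-sys-maint.sh check" after a dist-upgrade to learn whether the file came back, and "sh rotate-debian-sys-maint.sh rotate" to repeat the procedure. The rotation uses the SET PASSWORD = PASSWORD(...) form because that is what the article gives; on a newer MySQL release the equivalent ALTER USER statement would be used instead.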

 

 

Email sent from AWS Marketplace:

 

Dear AWS Marketplace Subscriber, 

 

We are writing to notify you that we have recently identified the presence of a password in the following product you have subscribed to:

Cloud Protection Manager Free Trial & BYOL Edition

 

The password for the MySQL user "debian-sys-maint" can be found in the following location: /etc/mysql/debian.cnf

 

As of Oct 20th, we have identified that you have running instances of the above product. If you have not already done so, we highly recommend you reset this password.

 

If you have additional questions about your software please contact N2W Software directly at: http://www.n2ws.com/support/support.html

 

Thank you,

 

--The AWS Marketplace Team

https://aws.amazon.com/marketplace