Werk #3743: mk_jolokia: Fix possible code injection

KomponenteChecks & Agents
Titelmk_jolokia: Fix possible code injection
Datum2016-08-25 09:58:13
Check_MK EditionCheck_MK Raw Edition (CRE)
Check_MK Version1.4.0i1,1.2.8p10
LevelTrivial Change
KlasseSecurity Fix
KompatibilitätIncompatible - Manual interaction might be required

The plugin now requires either the json or simplejson python library to work.

Python 2.6 or higher ships with json, in this case, the plugin will work just as before.

simplejson is available for Python 2.5 and higher, installation of this package is required for the plugin to work.

Older python versions are not supported, please query your Jolokia instances from another host in these cases (recommended) or continue to use the old version of the plugin. (not recommended)

In absence of the json or simplejson python libraries, the mk_jolokia plugin would previously try to parse the Jolokia response with python eval(), allowing a MITM attacker to inject arbitrary code.