NicoleG25
commented
3 years ago Hi @d1str0, do you happen to know if this issue was ever addressed? please note that it was assigned CVE-2020-29069
Thanks in advance !
Open FreddyMa1210 opened 3 years ago
NicoleG25
commented
3 years ago Hi @d1str0, do you happen to know if this issue was ever addressed? please note that it was assigned CVE-2020-29069
Thanks in advance !
At one day, my MHN Web page can not open but all service is well . So I try to find the reason and this is the reason as following. If there is one IP address not in "GeoLite2-City.mmdb", then the ISO country code will return "None". When the code is "None", then the MHN Web can not generate icon path and the system will be crashed.
Code: "mhn/server/mhn/ui/utils.py"
At function "_get_flag_ip_localdb" in line 61 if it work it can get IP ISO Code, but if IP has no record in "GeoLite2-City.mmdb" it will return None.
Next, line 67 can not use "upper function" to the IP ISO code. If the page need to show the country icon (Like Dashboard, Attack List...etc), then the page will be crashed.
There is the crash log in "/var/log/mhn/mhn-uwsgi.err".
My case "IP 35[.]204[.]67[.]211" has no record in "GeoLite2-City.mmdb" (MD5: fd258548621120622e757631ef94f2cb).
So, I insert an "if" statement in "_get_flag_ip_localdb" to fix it.
Now there will log the error in "/var/log/mhn/mhn-uwsgi.err" and page can show perfectly.
So if use a special IP address to connect honeypot, then it can do the "DoS attack" to MHN system.