Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)
From: cve-assign () mitre org
Date: Tue, 7 Jan 2014 17:15:11 -0500 (EST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There is a memory over-read bug that can be used by an authenticated
user (if applicable) to obtain raw MongoDB server process memory
contents via incorrect BSON object length.  I guess that under most
deployments this does not cross a security boundary, but for some it
could (differently-privileged MongoDB users, data already deleted from
the DB yet staying in process memory, or/and metadata that is not
normally retrievable).

Use CVE-2012-6619.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJSzHs8AAoJEKllVAevmvmssI8H/3aRWpV8sFg4JI7QNRtvaFKx
vabdt8Yy97/6Yiaa3GbB7UzbI4YSBkMC00ikwG9urbbOden7FWgGZx94EbAn0jag
v+EnbYkHp2eNBR69c9C1px76hYSAi2SimsqSaJEzkRvWGz8xRhF1L7FuUZPaw7x0
lBpG9gxxaLfrBDPpwAV5WKsSU4vxOqNIoJV17onVCe7eihRbY8THn6raCUUtNIYt
ZUPLqoijx5ZwWuz7F+W8BxV9m27kXuU7F/vWv4U6FBGg3O/2aBCGId/GNTgXvjVJ
VIupOHBtynG1flDmtXyPsnXNChGZGhJe7RuRoUkEDb7DWKazyQpjvxTGciOAHg8=
=dzbh
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault