Bug 985499 - (CVE-2013-3969) CVE-2013-3969 MongoDB: remote code execution via javascript
CVE-2013-3969 MongoDB: remote code execution via javascript
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,public=20130704,repo...
: Security
Depends On: 988670 988674
Blocks: 985508
  Show dependency treegraph
 
Reported: 2013-07-17 11:47 EDT by Vincent Danen
Modified: 2014-05-03 01:47 EDT (History)
30 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-05-03 01:47:29 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Vincent Danen 2013-07-17 11:47:16 EDT
Similar to CVE-2013-1892, it was reported [1] that MongoDB suffers from remote code execution   This flaw requires read-write access to the MongoDB database to execute arbitrary code; however it looks as though read-only access could be used to cause the database to crash.

It is unknown whether this flaw was introduced in 2.2.3 with the change to using the V8 Javascript engine, or if it also affects earlier versions.


[1] http://blog.scrt.ch/2013/06/04/mongodb-rce-by-databasespraying/
Comment 1 Vincent Danen 2013-07-17 11:54:15 EDT
CVE request is here:

http://openwall.com/lists/oss-security/2013/07/17/2

At least 2.2.3 through to and including 2.4.4 are vulnerable.  Upstream has indicated that they are currently working on a fix.
Comment 2 Jan Lieskovsky 2013-07-18 09:42:40 EDT
The CVE identifier of CVE-2013-4142 has been assigned to this issue:
  http://www.openwall.com/lists/oss-security/2013/07/18/2
Comment 5 Vincent Danen 2013-08-02 13:23:29 EDT
This was improperly assigned CVE-2013-4142, it should be CVE-2013-3969 instead as per http://www.openwall.com/lists/oss-security/2013/07/30/10

Note You need to log in before you can comment on or make changes to this bug.