CVE-2012-6619

The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://blog.ptsecurity.com/2012/11/attacking-mongodb.html	Exploit
http://rhn.redhat.com/errata/RHSA-2014-0230.html
http://rhn.redhat.com/errata/RHSA-2014-0440.html
http://www.openwall.com/lists/oss-security/2014/01/07/13
http://www.openwall.com/lists/oss-security/2014/01/07/2
http://www.openwall.com/lists/oss-security/2014/01/08/9
https://bugzilla.redhat.com/show_bug.cgi?id=1049748
https://jira.mongodb.org/browse/SERVER-7769	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mongodb:mongodb::::::::
	cpe:2.3:a:mongodb:mongodb:1.2.0:::::::*
	cpe:2.3:a:mongodb:mongodb:1.4.0:::::::*
	cpe:2.3:a:mongodb:mongodb:1.6.0:::::::*
	cpe:2.3:a:mongodb:mongodb:1.8.0:::::::*
	cpe:2.3:a:mongodb:mongodb:2.0.0:::::::*
	cpe:2.3:a:mongodb:mongodb:2.0.1:::::::*
	cpe:2.3:a:mongodb:mongodb:2.0.2:::::::*
	cpe:2.3:a:mongodb:mongodb:2.0.3:::::::*
	cpe:2.3:a:mongodb:mongodb:2.0.4:::::::*
	cpe:2.3:a:mongodb:mongodb:2.0.5:::::::*
	cpe:2.3:a:mongodb:mongodb:2.0.6:::::::*
	cpe:2.3:a:mongodb:mongodb:2.0.7:::::::*
	cpe:2.3:a:mongodb:mongodb:2.0.8:::::::*
	cpe:2.3:a:mongodb:mongodb:2.2.0:::::::*
	cpe:2.3:a:mongodb:mongodb:2.2.1:::::::*
	cpe:2.3:a:mongodb:mongodb:2.2.2:::::::*
	cpe:2.3:a:mongodb:mongodb:2.2.3:::::::*
	cpe:2.3:a:mongodb:mongodb:2.2.4:::::::*
	cpe:2.3:a:mongodb:mongodb:2.2.5:::::::*
	cpe:2.3:a:mongodb:mongodb:2.2.6:::::::*
	cpe:2.3:a:mongodb:mongodb:2.2.7:::::::*
	cpe:2.3:a:mongodb:mongodb:2.3.0:::::::*

History

No history.

Information

Published : 2014-03-06 15:55

Updated : 2014-05-07 03:45

NVD link : CVE-2012-6619

Mitre link : CVE-2012-6619

CVE.ORG link : CVE-2012-6619

JSON object : View

Products Affected

mongodb

mongodb

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2012-6619", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-03-06T15:55:28.737", "references": [{"url": "http://blog.ptsecurity.com/2012/11/attacking-mongodb.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-0230.html", "source": "cve@mitre.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-0440.html", "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2014/01/07/13", "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2014/01/07/2", "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2014/01/08/9", "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049748", "source": "cve@mitre.org"}, {"url": "https://jira.mongodb.org/browse/SERVER-7769", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read."}, {"lang": "es", "value": "La configuraci\u00f3n por defecto para MongoDB anterior a 2.3.2 no valida objetos, lo que permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (ca\u00edda) o leer la memoria del sistema a trav\u00e9s de un objeto BSON manipulado en el nombre de columna en un comando \"insert\", lo que provoca una sobrelectura de buffer."}], "lastModified": "2014-05-07T03:45:15.890", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94A44EAA-983E-4625-A35D-EE2FE116B3B5", "versionEndIncluding": "2.3.1"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FBA2303-8E19-415F-BD7C-B348DE0EC478"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92948672-3F39-4675-BFB1-4ACACD078CC6"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:1.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7590AB3-4433-4589-9575-647015A5DA24"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:1.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC4562CE-83D2-422C-AB94-CB0EFABC2CF8"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1B3AD0E-11F2-477E-9D18-B6A609A4C652"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA0BC4E1-4BF4-4486-829C-25AA0D01B8D0"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C36D5752-589C-4323-8515-073DDF89DB9B"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F63D8331-B0E9-4571-A74C-C13D3D4A13C5"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB8EA4FF-62DB-40DA-833E-E43F64C79EC2"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "253B057C-981D-4A8C-B81E-96ACD8C5AF86"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3291EEA9-7A79-417D-98FD-1350B4A456D2"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FE04CE4-8D9F-4C56-802A-2F67DF884CDC"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02C47DC1-A725-460C-9EBB-5DAA616DF374"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E0F23FE-3AAF-4E29-AF89-C6365E839119"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37D967E7-87F2-450C-A593-0FEE0F2A9A94"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C6CD236-537A-4144-ACDF-5242D11AE34A"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE7C828E-47B2-46AB-90F1-FD9682188E45"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2EDBDF4-2F0A-409A-A881-E94AC0A77A85"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "185A7242-0393-4DE1-B781-7D3FA68750A4"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98387C88-695E-4948-9FB4-E3D5234647E4"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B093A56-8E36-47C7-BE3C-F72FAC5CEC14"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0A29408-7294-4A11-A77D-9CFCF9FD54AB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

6.4 /10