oss-sec mailing list archives
CVE-2013-2132 MongoDB: User-triggerable NULL pointer dereference due to utter plebbery
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 31 May 2013 13:10:23 -0600
https://jira.mongodb.org/browse/PYTHON-532

Short summary:

Step 1. Use Mongo as WEB SCALE DOCUMENT STORE OF CHOICE LOL
Step 2. Assume basic engineering principles applied throughout due to HEAVY MARKETING SUGGESTING AWESOMENESS.
Step 3. Spend 6 months fighting plebbery across the spectrum, mostly succeed.
Step 4. NIGHT BEFORE INVESTOR DEMO, TRY UPLOADING SOME DATA WITH "{$ref: '#/mongodb/plebtastic'"
Step 5. LOL WTF?!?!? PYMONGO CRASH?? :OOO LOOOL WEBSCALE
Step 6. It's 4am now. STILL INVESTIGATING

b4cb9be0 pymongo/_cbsonmodule.c (Mike Dirolf 2009-11-10 14:54:39 -0500 1196) /* Decoding for DBRefs */

Oh Mike!!!

3. ADD process_dbrefs=False TO ALL THE DRIVERS

To reproduce:

- in mongo shell:

    db.python532.insert({x : {"$ref" : "whatever"} });

- in python shell:

    import pymongo
    pymongo.MongoClient().test.python532.find_one()

Fix: https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2

BTW can someone from 10gen contact me so we can start doing the CVEs for MongoDB properly? Thanks.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
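
Added example (not part of the original message and not PyMongo's own code): a pre-insert check an application can run on user-supplied documents to flag sub-documents shaped like the one in the reproduction above. It assumes the trigger is a mapping that carries "$ref" without "$id"; the helper name find_malformed_dbrefs and the sample documents are hypothetical.

```python
# Added example: flag sub-documents that look like a DBRef but are incomplete.
# Assumption: the crash trigger is a mapping with "$ref" and no "$id", as in
# the reproduction in the message. The non-string "$ref" check is extra
# strictness chosen for this example, not something the message reports.
from collections.abc import Mapping


def find_malformed_dbrefs(value, path=""):
    """Return the path of every mapping that has "$ref" but lacks "$id",
    or whose "$ref" is not a string (a DBRef names a collection)."""
    hits = []
    if isinstance(value, Mapping):
        if "$ref" in value and (
            "$id" not in value or not isinstance(value["$ref"], str)
        ):
            hits.append(path or "<root>")
        # Keep walking: a malformed reference can be nested at any depth.
        for key, child in value.items():
            child_path = f"{path}.{key}" if path else str(key)
            hits.extend(find_malformed_dbrefs(child, child_path))
    elif isinstance(value, (list, tuple)):
        for index, child in enumerate(value):
            hits.extend(find_malformed_dbrefs(child, f"{path}[{index}]"))
    return hits


# Constructed sample documents, not taken from a real deployment.
SAMPLES = {
    "repro": {"x": {"$ref": "whatever"}},
    "valid": {"x": {"$ref": "users", "$id": 42, "$db": "test"}},
    "nested": {"a": [{"ok": 1}, {"b": {"$ref": "c"}}], "n": {"$ref": 7, "$id": 1}},
}

if __name__ == "__main__":
    for name, doc in SAMPLES.items():
        print(name, find_malformed_dbrefs(doc))
```

This only covers documents that pass through the application calling it; data written by other clients is not checked, so the driver fix linked in the message is still needed.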