oss-sec mailing list archives
Re: CVE-2013-2132 MongoDB: User-triggerable NULL pointer dereference due to utter plebbery
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 31 May 2013 21:15:28 -0600
To be clear this is in the mongo-python-driver aka pymongo, not in MongoDB itself (but under the umbrella of MongoDB, I should have been more clear the first time).

On 05/31/2013 01:10 PM, Kurt Seifried wrote:

https://jira.mongodb.org/browse/PYTHON-532

Short summary:

Step 1. Use Mongo as WEB SCALE DOCUMENT STORE OF CHOICE LOL
Step 2. Assume basic engineering principles applied throughout due to HEAVY MARKETING SUGGESTING AWESOMENESS.
Step 3. Spend 6 months fighting plebbery across the spectrum, mostly succeed.
Step 4. NIGHT BEFORE INVESTOR DEMO, TRY UPLOADING SOME DATA WITH "{$ref: '#/mongodb/plebtastic'"
Step 5. LOL WTF?!?!? PYMONGO CRASH?? :OOO LOOOL WEBSCALE
Step 6. It's 4am now. STILL INVESTIGATING

b4cb9be0 pymongo/_cbsonmodule.c (Mike Dirolf 2009-11-10 14:54:39 -0500 1196) /* Decoding for DBRefs */

Oh Mike!!!

3. ADD process_dbrefs=False TO ALL THE DRIVERS

To reproduce:

- in mongo shell:
    db.python532.insert({x : {"$ref" : "whatever"} });
- in python shell
    import pymongo
    pymongo.MongoClient().test.python532.find_one()

Fix: https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2

BTW can someone from 10gen contact me so we can start doing the CVEs for MongoDB properly? Thanks.
--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
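An added example, not part of the original post and not pymongo code: a pure-Python check that an application can run on untrusted documents before storing them, flagging the shape the reproducer above uses. It assumes the trigger is a sub-document that carries "$ref" without "$id", as in the reproducer; the function names and sample documents are hypothetical.

```python
from collections.abc import Mapping


def find_partial_dbrefs(value, path=""):
    """Return dotted paths of sub-documents that carry "$ref" but no "$id".

    Assumption: this is the shape that matters, taken from the reproducer
    {x: {"$ref": "whatever"}} in the post.
    """
    hits = []
    if isinstance(value, Mapping):
        if "$ref" in value and "$id" not in value:
            hits.append(path or "<root>")
        children = value.items()
    elif isinstance(value, (list, tuple)):
        children = enumerate(value)
    else:
        return hits  # scalars cannot contain a sub-document
    for key, child in children:
        child_path = f"{path}.{key}" if path else str(key)
        hits.extend(find_partial_dbrefs(child, child_path))
    return hits


def reject_partial_dbrefs(doc):
    """Raise ValueError if doc contains a partial DBRef, else return doc."""
    hits = find_partial_dbrefs(doc)
    if hits:
        raise ValueError("partial DBRef at: " + ", ".join(hits))
    return doc


# Constructed sample documents (not taken from any real system).
SAMPLES = [
    {"x": {"$ref": "whatever"}},                   # shape from the reproducer
    {"x": {"$ref": "users", "$id": 42}},           # has both keys
    {"items": [{"owner": {"$ref": "users"}}, 7]},  # nested inside a list
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", find_partial_dbrefs(sample))
```
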