oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request - MongoDB <=2.4.4 uninitialized object

From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 17 Jul 2013 22:39:21 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/17/2013 04:23 AM, Florian wrote:

Hi,

Just a CVE request for this 
http://blog.scrt.ch/2013/06/04/mongodb-rce-by-databasespraying/

Thx



Please use CVE-2013-4142 for this issue.

Also adding Mongo people to this, are you guys aware of this? Also is
there a security alias I should be using (in case people are on
vacation/etc?

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJR53F5AAoJEBYNRVNeJnmTYKUP+QGz72ykBk4A2gcmApgofq9s
qmWGklP/nuWfR0LNbior4YIGQSXqW9m0LnUeCxHz5FAHhVRtBwV20/AYHH8tXFPZ
n3WzJWkMM8DT9uXZcDqXV694Wo/b0FP6PXXq31OmXyJGgDu935RTFmDZdlwWCr60
Scb4KFatP1M4Wajf1i6l8fw25CsCCLB3pc9J5G626LkVlTqZ2gH3JUkVPKquqAFs
1EfTAx8gY/mjH036XPHp5mcgKmalsCHWDIb/xBlwS8xSdjgtPqjerA2WtfUerlrI
fIN4sTklhNFwllrD4YSlLBEqyq1SWJlSZl1dJIuOJGrYocTU0DEiR37x2CDEUyIM
0rfGUbxgDJkpiRXVc1urdikN/uGpcC5KJmaUuF696aEfF9wlWEpNP/Ik/LtwS/9w
5m9bZx4zS1uilx5VFeUI98XSVVOcRbfjR2koYg1NwefcZXlfWVx7nAKShPVAll5Z
BWtWPhg1mDnO2GN0Z/qcw5M2q9AdhiRJpnK0Z8QCmQrm4uDgErh+iVMUfiPXakNO
rk0AU3UOORrsLb1VfxUzN+SC6C5OTEEyDU0x/9MG4xGyb8J0QTiF9ZZr4p8MFw+W
xTeWFygbD/YHYsYAl0CO5WBPZMb6fux0OuMTkXtTcY2OedyP75jPdpXjWm/+Yxf7
MM/JV/ZUNQmgMheI+c8q
=uB1p
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: