oss-sec mailing list archives

Re: MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)


From: cve-assign () mitre org
Date: Tue, 7 Jan 2014 17:15:11 -0500 (EST)


There is a memory over-read bug that can be used by an authenticated
user (if applicable) to obtain raw MongoDB server process memory
contents via incorrect BSON object length.  I guess that under most
deployments this does not cross a security boundary, but for some it
could (differently-privileged MongoDB users, data already deleted from
the DB yet staying in process memory, or/and metadata that is not
normally retrievable).

Use CVE-2012-6619.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
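
Added example (not part of the original message, and not MongoDB's code): a bounds check of the kind a BSON consumer needs so that a declared object length larger than the bytes actually received is rejected instead of read. It relies on the BSON layout (little-endian int32 total length, elements, trailing 0x00); the function name is hypothetical, the sample bytes are constructed, and only a few element types are handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Little-endian int32 read with no alignment assumptions. */
static int32_t rd_i32(const uint8_t *p) {
    return (int32_t)((uint32_t)p[0] | (uint32_t)p[1] << 8 |
                     (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
}

/* Hypothetical helper: returns 1 if the document at buf fits inside the
 * avail bytes received and every element stays inside it, otherwise 0. */
int bson_bounds_ok(const uint8_t *buf, size_t avail) {
    if (avail < 5) return 0;                    /* int32 length + 0x00 */
    int32_t declared = rd_i32(buf);
    if (declared < 5 || (size_t)declared > avail) return 0; /* over-read guard */
    size_t end = (size_t)declared - 1, pos = 4;
    if (buf[end] != 0x00) return 0;             /* document terminator */
    while (pos < end) {
        uint8_t type = buf[pos++];
        const uint8_t *nul = memchr(buf + pos, 0, end - pos); /* element name */
        if (!nul) return 0;
        pos = (size_t)(nul - buf) + 1;
        size_t need;
        switch (type) {
        case 0x01: case 0x12: need = 8; break;  /* double, int64 */
        case 0x10: need = 4; break;             /* int32 */
        case 0x08: need = 1; break;             /* boolean */
        case 0x0A: need = 0; break;             /* null */
        case 0x02: {                            /* string: nested length prefix */
            if (end - pos < 4) return 0;
            int32_t slen = rd_i32(buf + pos);
            if (slen < 1 || (size_t)slen > end - pos - 4) return 0;
            need = 4 + (size_t)slen;
            break;
        }
        default: return 0;                      /* type not handled here */
        }
        if (need > end - pos) return 0;
        pos += need;
    }
    return pos == end;
}

/* Constructed samples: {"a": 1}, the same bytes claiming 64, and
 * {"s": "hi"} with its string length inflated to 127. */
const uint8_t doc_ok[]      = {0x0C,0,0,0, 0x10,'a',0, 1,0,0,0, 0};
const uint8_t doc_overlen[] = {0x40,0,0,0, 0x10,'a',0, 1,0,0,0, 0};
const uint8_t doc_badstr[]  = {0x0F,0,0,0, 0x02,'s',0, 0x7F,0,0,0, 'h','i',0, 0};
```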

