
List:       oss-security
Subject:    [oss-security] CVE-2013-2132 MongoDB: User-triggerable NULL pointer dereference due to utter plebber
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2013-05-31 19:10:23
Message-ID: 51A8F59F.7040002 () redhat ! com


https://jira.mongodb.org/browse/PYTHON-532

Short summary:

Step 1. Use Mongo as WEB SCALE DOCUMENT STORE OF CHOICE LOL
Step 2. Assume basic engineering principles applied throughout due to
HEAVY MARKETING SUGGESTING AWESOMENESS.
Step 3. Spend 6 months fighting plebbery across the spectrum, mostly
succeed.
Step 4. NIGHT BEFORE INVESTOR DEMO, TRY UPLOADING SOME DATA WITH
"{$ref: '#/mongodb/plebtastic'"
Step 5. LOL WTF?!?!? PYMONGO CRASH?? :OOO LOOOL WEBSCALE
Step 6. It's 4am now. STILL INVESTIGATING
b4cb9be0 pymongo/_cbsonmodule.c (Mike Dirolf 2009-11-10 14:54:39 -0500 1196) /* Decoding for DBRefs */
Oh Mike!!!


3. ADD process_dbrefs=False TO ALL THE DRIVERS

To reproduce:
* in mongo shell:
db.python532.insert({x : {"$ref" : "whatever"} });
* in python shell:
import pymongo
pymongo.MongoClient().test.python532.find_one()

Fix:
https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2

BTW can someone from 10gen contact me so we can start doing the CVEs
for MongoDB properly? Thanks.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
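
An added example, not part of the original message or of the PyMongo code: a check an application could run on user-supplied documents before storing them, rejecting DBRef-shaped subdocuments like the one in the reproducer. It assumes the trigger is a subdocument that has "$ref" but no "$id"; the function names are hypothetical.

```python
# Added example (hypothetical helper names, not PyMongo API).
# Assumption: the problematic shape is a subdocument with "$ref" but no "$id",
# as in the reproducer {x: {"$ref": "whatever"}}.


def find_incomplete_dbrefs(doc, path=""):
    """Return dotted paths of subdocuments carrying "$ref" without "$id"."""
    hits = []
    if isinstance(doc, dict):
        if "$ref" in doc and "$id" not in doc:
            hits.append(path or "<root>")
        # Keep walking: a malformed DBRef can sit at any depth.
        for key, value in doc.items():
            child = f"{path}.{key}" if path else str(key)
            hits.extend(find_incomplete_dbrefs(value, child))
    elif isinstance(doc, (list, tuple)):
        for index, value in enumerate(doc):
            child = f"{path}.{index}" if path else str(index)
            hits.extend(find_incomplete_dbrefs(value, child))
    return hits


def reject_incomplete_dbrefs(doc):
    """Raise ValueError if the document contains an incomplete DBRef."""
    hits = find_incomplete_dbrefs(doc)
    if hits:
        raise ValueError("incomplete DBRef at: " + ", ".join(hits))
    return doc


# Constructed sample documents.
SAMPLES = [
    {"x": {"$ref": "whatever"}},                       # reproducer shape
    {"x": {"$ref": "users", "$id": 42}},               # well-formed DBRef
    {"items": [{"owner": {"$ref": "users"}}, {"n": 1}]},  # nested in a list
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", find_incomplete_dbrefs(sample))
```

Running the check at the point where untrusted data is accepted keeps such documents out of the collection, so clients on an unpatched driver never have to decode them.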