Описание
mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| mongodb | fixed | 1:3.2.11-1 | package | |
| mongodb | no-dsa | jessie | package | |
| mongodb | no-dsa | wheezy | package |
Примечания
https://jira.mongodb.org/browse/SERVER-24378
Marking as fixed with the first 3.x based version in unstable
This issue though affect only 2.4 (and possibly older), or 2.6
installations, but only in circumstances where they first had a
MongoDB 2.4 installation with authentication enabled, upgraded
to 2.6, and did not complete a full upgrade
Связанные уязвимости
mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database.
mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database.
mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database.
mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database.