the original cloud security
Showing 1 - 2 of 2 RSS Feed

CVE-2013-1892

Status Candidate

Overview

MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument.

Related Files

Red Hat Security Advisory 2013-1170-01
Posted Aug 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1170-01 - MongoDB is a NoSQL database. PyMongo provides tools for working with MongoDB. A flaw was found in the run() function implementation in MongoDB. A database user permitted to send database queries to a MongoDB server could use this flaw to crash the server or, possibly, execute arbitrary code with the privileges of the mongodb user. A NULL pointer dereference flaw was found in PyMongo. An invalid DBRef record received from a MongoDB server could cause an application using PyMongo to crash.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2013-1892, CVE-2013-2132
MD5 | ceff92671f692de94467a2b04fffbaac
MongoDB nativeHelper.apply Remote Code Execution
Posted Apr 2, 2013
Authored by agix | Site metasploit.com

This Metasploit module exploits the nativeHelper feature from spiderMonkey which allows control over execution by calling it with specially crafted arguments. This Metasploit module has been tested successfully on MongoDB 2.2.3 on Ubuntu 10.04 and Debian Squeeze.

tags | exploit
systems | linux, debian, ubuntu
advisories | CVE-2013-1892, OSVDB-91632
MD5 | 47f2650530e57cce115d8b1facd6121a
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    2 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close