CVE-2013-1892

Related Files

Red Hat Security Advisory 2013-1170-01

Posted Aug 21, 2013

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1170-01 - MongoDB is a NoSQL database. PyMongo provides tools for working with MongoDB. A flaw was found in the run() function implementation in MongoDB. A database user permitted to send database queries to a MongoDB server could use this flaw to crash the server or, possibly, execute arbitrary code with the privileges of the mongodb user. A NULL pointer dereference flaw was found in PyMongo. An invalid DBRef record received from a MongoDB server could cause an application using PyMongo to crash.

tags | advisory, arbitrary

systems | linux, redhat

advisories | CVE-2013-1892, CVE-2013-2132

SHA-256 | 774c26c772c453155510a81f629828067abba89f9124529d494aa46bbc077c37

Download | Favorite | View

MongoDB nativeHelper.apply Remote Code Execution

Posted Apr 2, 2013

Authored by agix | Site metasploit.com

This Metasploit module exploits the nativeHelper feature from spiderMonkey which allows control over execution by calling it with specially crafted arguments. This Metasploit module has been tested successfully on MongoDB 2.2.3 on Ubuntu 10.04 and Debian Squeeze.

tags | exploit

systems | linux, debian, ubuntu

advisories | CVE-2013-1892, OSVDB-91632

SHA-256 | b6eb069e8c2cd7a54405a167b66ff710e28f82ed3b1979ede3aca6f9223c3ab8

Download | Favorite | View