PT-2012-58: Arbitrary Server Memory Chunks Reading in MongoDB

Vulnerable software

MongoDB
Version: 2.x and earlier

Application link:
http://www.mongodb.org/

Severity level

Severity level: Medium
Impact: Arbitrary Server Memory Chunks Reading
Access Vector: Local

CVSS v2:
Base Score: 4.4
Vector: (AV:L/AC:M/Au:S/C:C/I:N/A:N)

CVE: not assigned

Software description

MongoDB is an open-source document-centric database management system (DBMS) that do not require description of scheme of tables.

Vulnerability description

The specialists of the Positive Research center have detected "Columns Overwriting and Adding" vulnerability in MongoDB application.

Due to improper handling of the length of the BSON document in the column name in the insert command, a specially crafted entry containing Base64 encoded server memory chunks can be introduced into MongoDB.

How to fix

Update your software up to the latest version

Advisory status

27.11.2012 - Vendor gets vulnerability details
13.02.2013 - Vendor releases fixed version and details
10.07.2013 - Public disclosure

Credits

The vulnerability was detected by Mikhail Firstov, Positive Research Center (Positive Technologies Company)

References

http://en.securitylab.ru/lab/PT-2012-58

Reports on the vulnerabilities previously discovered by Positive Research:

http://ptsecurity.com/research/advisory/
http://en.securitylab.ru/lab/

Threatscape
Visionary WAF – Constant innovation