Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 31 May 2013 13:10:23 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: Open Source Security <oss-security@...ts.openwall.com>
Subject: CVE-2013-2132 MongoDB: User-triggerable NULL pointer dereference
 due to utter plebbery

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

https://jira.mongodb.org/browse/PYTHON-532

Short summary:

Step 1. Use Mongo as WEB SCALE DOCUMENT STORE OF CHOICE LOL
Step 2. Assume basic engineering principles applied throughout due to
HEAVY MARKETING SUGGESTING AWESOMENESS.
Step 3. Spend 6 months fighting plebbery across the spectrum, mostly
succeed.
Step 4. NIGHT BEFORE INVESTOR DEMO, TRY UPLOADING SOME DATA WITH
"{$ref: '#/mongodb/plebtastic'"
Step 5. LOL WTF?!?!? PYMONGO CRASH?? :OOO LOOOL WEBSCALE
Step 6. It's 4am now. STILL INVESTIGATING
b4cb9be0 pymongo/_cbsonmodule.c (Mike Dirolf 2009-11-10 14:54:39 -0500
1196) /* Decoding for DBRefs */
Oh Mike!!!


3. ADD process_dbrefs=False TO ALL THE DRIVERS

To reproduce:
? in mongo shell:
db.python532.insert({x : {"$ref" : "whatever"} });
? in python shell
import pymongo
pymongo.MongoClient().test.python532.find_one()

Fix:
https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2

BTW can someone from 10gen contact me so we can start doing the CVEs
for MongoDB properly? Thanks.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRqPWfAAoJEBYNRVNeJnmTOngQAMcgBc6gI2Sr78b3El4ZZ1Cx
TPdez1MNZhzhK9ELhLV+fuwFVDTYNQijFDlGjJjjFICh5RPOuVUCrAVyrv1NK4HF
e2CgLNAuZuG68z4byKDe7zvfftwb2NgT+9DRtye20ExYQ2KgEufrEPjLlY0BF9vu
arQyye/b2InhuUx7zzNr/dPkLXRzibq+7CfbCkSQ9T4/yJ5Cjlk7ILnIPNlV/E4L
48P+fOza5JcLJs/MEInXMOhQiDQDYWn4M1gcwe4YCKbsjohAhQy9KBoFIckbLEA6
mceG+KkQmB5D/X32YGq3UMOOfPntgrvV/s6sjhscqmMrdhMmlPRIhObI/Mpfo4GQ
lxoa94BEXAagFEMUPBs/iu1vwof90Yso9J0Zer6pil950SGA3YjauCmOP3GibjWr
LBaLvOCZB/HxYmSKvDeN5g7plNfl1MSnuAglcIFOMs/xntRYgBJrDfUDw9kKjm0Z
Y7iglIjLYQvStQGXGmHQhwglJJgxZjOipJSalEeTVdWfFWXursKamoTu8Bo9TELK
z8zbh3IozHA/roQFcLtDgcVtn0qFMMf4YBb9rXMwePAdEXTrOVTzcPUe3dc0tEmY
5nCBsMPYZ0/KLQATViApAT3v3sa++ywxqATibPoxJdvsmvrDLLtDPenHbEr4b6Ns
CkTEXrASTF/y5sWYDZ/F
=Djhc
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.