oss-security - Re: CVE Request: Mongo DB

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Message-ID: <5150AF98.1010808@redhat.com>
Date: Mon, 25 Mar 2013 14:12:08 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Marcus Meissner <meissner@...e.de>, security@...en.com
Subject: Re: CVE Request: Mongo DB

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/25/2013 09:58 AM, Marcus Meissner wrote:
> Hi,
> 
> I do not think this has a CVE yet ...
> 
> http://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce/
> describes a MongoDB remote exploit.
> 
> Ciao, Marcus

Looks that way. Please use CVE-2013-1892 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRUK+YAAoJEBYNRVNeJnmTTO4QAKzd0LGLn1z0wlwXWlAVwUgH
W2cDUigt5KWIbuy/W9uUSnaQsZWD70rKytt37pOKXWhsqNlrKZOlbDdxlIMgSGXC
0c6gFUsHP59h5HO2LnbwelF4Ze5T01LLIYbe+DSTLG+KePpF6HCcD07c8aXljiRe
iOqGWm8aUg5fm+CXZ5ay47CWa1UouR5t5C4XQmb/f/rip49RTAFx5SJ3/z4GHo12
Svn5WyabpIyqTBg+Ny2cVhjs4vO90n1NM1lVMzsq85GRtRz5snBwE6kW+MHc5YVE
kryxFzZSWzsCb3NyzWsnIi2zJvKFp/Ckjn9f/EL9tuVJo7DsbJVF7xTQtIIk4Ukn
XYPAv/GwtYOp/v7WIWQnx/OLzIhoZHNs5P9IH68AA3DH8hJrTr6jmgB04S0WsUvc
Cp88MnWce3qfVfEo6slVA9xYsfD6oKAuda4+kV/THf6E5kshwB8ZHtRjofWq0gNR
cae9/+7O+7CUINzro33zkwzfhGiRcgZtO1kn0p6muPf4M2Rbk1iy5YgJlJhIrYT8
8B6clqGnScB+QJ3Fol+qj8zaHmNKtVj+WwtaUR0UCX0EynDj2DfgGO1TSBq+lK4A
s6hiPB/4pOmDEeYTa8PAmTNpENV3s8rZ/NFZLIZROlfEBh9rnFEJDKwhExnmBKYr
jKwHWVldvVIIiVcTjavp
=W54H
-----END PGP SIGNATURE-----

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.