Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-33995

mongod crashes with nmap script

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 3.6.3, 3.7.3
    • Fix Version/s: 3.6.6, 3.7.6
    • Component/s: Stability
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Backport Requested:
      v3.6
    • Sprint:
      Platforms 2018-04-09, Platforms 2018-04-23

      Description

      Tested on OSX with mongodb 3.6.3 and 3.7.3

      Steps:

      • start mongod process
      • install nmap (brew install nmap) I'm using Nmap 7.60
      • run this command once or twicw

      $ nmap -p 27017 localhost --script mongodb-brute
       
      Starting Nmap 7.60 ( https://nmap.org ) at 2018-03-20 11:56 EET
      Nmap scan report for localhost (127.0.0.1)
      Host is up (0.00015s latency).
      Other addresses for localhost (not scanned): ::1
       
      PORT      STATE SERVICE
      27017/tcp open  mongod
      |_mongodb-brute: ERROR: Script execution failed (use -d to debug)
       
      Nmap done: 1 IP address (1 host up) scanned in 0.26 seconds
      

      3.6.3 crash log

      2018-03-20T11:53:20.146+0200 E NETWORK  [listener] can't set TCP_KEEPALIVE: Invalid argument
      2018-03-20T11:53:20.146+0200 I NETWORK  [listener] connection accepted from (NONE):27017 #1 (1 connection now open)
      2018-03-20T11:53:20.146+0200 I NETWORK  [listener] connection accepted from 127.0.0.1:54668 #2 (2 connections now open)
      2018-03-20T11:53:20.147+0200 I NETWORK  [conn1] end connection (NONE):27017 (1 connection now open)
      2018-03-20T11:53:20.150+0200 I NETWORK  [conn2] end connection 127.0.0.1:54668 (0 connections now open)
      2018-03-20T11:53:22.385+0200 F NETWORK  [listener] Uncaught exception in the listener: UnknownError: Caught std::exception of type std::__1::system_error: set_option: Invalid argument
      2018-03-20T11:53:22.385+0200 F -        [listener] Fatal Assertion 40491 at src/mongo/transport/transport_layer_asio.cpp 244
      2018-03-20T11:53:22.385+0200 F -        [listener]
       
      ***aborting after fassert() failure
       
       
      2018-03-20T11:53:22.392+0200 F -        [listener] Got signal: 6 (Abort trap: 6).
      

      3.7.3 crash log

      2018-03-20T11:56:12.568+0200 I NETWORK  [initandlisten] waiting for connections on port 27017
      2018-03-20T11:56:15.399+0200 I NETWORK  [listener] connection accepted from (NONE):27017 #1 (1 connection now open)
      2018-03-20T11:56:15.400+0200 I NETWORK  [listener] connection accepted from 127.0.0.1:54707 #2 (2 connections now open)
      2018-03-20T11:56:15.400+0200 I NETWORK  [conn1] end connection (NONE):27017 (1 connection now open)
      2018-03-20T11:56:15.403+0200 I NETWORK  [conn2] end connection 127.0.0.1:54707 (0 connections now open)
      2018-03-20T11:56:16.668+0200 E NETWORK  [listener] can't set TCP_KEEPALIVE: Invalid argument
      2018-03-20T11:56:16.668+0200 I NETWORK  [listener] connection accepted from (NONE):27017 #3 (1 connection now open)
      2018-03-20T11:56:16.668+0200 I NETWORK  [conn3] end connection (NONE):27017 (0 connections now open)
      2018-03-20T11:56:16.668+0200 I NETWORK  [listener] connection accepted from 127.0.0.1:54711 #4 (1 connection now open)
      2018-03-20T11:56:16.672+0200 I NETWORK  [conn4] end connection 127.0.0.1:54711 (0 connections now open)
      2018-03-20T11:56:17.822+0200 I NETWORK  [listener] connection accepted from (NONE):27017 #5 (1 connection now open)
      2018-03-20T11:56:17.822+0200 I NETWORK  [conn5] end connection (NONE):27017 (0 connections now open)
      2018-03-20T11:56:17.822+0200 I NETWORK  [listener] connection accepted from 127.0.0.1:54715 #6 (1 connection now open)
      2018-03-20T11:56:17.826+0200 I NETWORK  [conn6] end connection 127.0.0.1:54715 (0 connections now open)
      2018-03-20T11:56:18.667+0200 F NETWORK  [listener] Uncaught exception in the listener: UnknownError: Caught std::exception of type std::__1::system_error: set_option: Invalid argument
      2018-03-20T11:56:18.667+0200 F -        [listener] Fatal Assertion 40491 at src/mongo/transport/transport_layer_asio.cpp 373
      2018-03-20T11:56:18.667+0200 F -        [listener]
       
      ***aborting after fassert() failure
       
       
      2018-03-20T11:56:18.673+0200 F -        [listener] Got signal: 6 (Abort trap: 6).
       0x10b082629 0x10b081efd 0x7fff8b06fb3a 0x7fff93d5d6b0 0x7fff8aef4420 0x10b078d3e 0x10abb8225 0x7fff8b07993b 0x7fff8b079887 0x7fff8b07908d
      ----- BEGIN BACKTRACE -----
      {"backtrace":[{"b":"109A4C000","o":"1636629","s":"_ZN5mongo15printStackTraceERNSt3__113basic_ostreamIcNS0_11char_traitsIcEEEE"},{"b":"109A4C000","o":"1635EFD","s":"_ZN5mongo12_GLOBAL__N_110abruptQuitEi"},{"b":"7FFF8B06D000","o":"2B3A","s":"_sigtramp"},{"b":"7FFF8AE95000","o":"8EC86B0","s":"_C_time_locale"},{"b":"7FFF8AE95000","o":"5F420","s":"abort"},{"b":"109A4C000","o":"162CD3E","s":"_ZN5mongo25fassertFailedWithLocationEiPKcj"},{"b":"109A4C000","o":"116C225","s":"_ZNSt3__114__thread_proxyINS_5tupleIJZN5mongo9transport18TransportLayerASIO5startEvE3$_2EEEEEPvS7_"},{"b":"7FFF8B076000","o":"393B","s":"_pthread_body"},{"b":"7FFF8B076000","o":"3887","s":"_pthread_body"},{"b":"7FFF8B076000","o":"308D","s":"thread_start"}],"processInfo":{ "mongodbVersion" : "3.7.3", "gitVersion" : "0c1402ee3f10eaf9d6d989d814bc3113a380091e", "compiledModules" : [], "uname" : { "sysname" : "Darwin", "release" : "16.7.0", "version" : "Darwin Kernel Version 16.7.0: Thu Jan 11 22:59:40 PST 2018; root:xnu-3789.73.8~1/RELEASE_X86_64", "machine" : "x86_64" }, "somap" : [ { "path" : "/usr/local/bin/mongod", "machType" : 2, "b" : "109A4C000", "vmaddr" : "100000000", "buildId" : "3E0DAA3E995D368EA2EDA8DC2A6E2A78" }, { "path" : "/usr/lib/libresolv.9.dylib", "machType" : 6, "b" : "7FFF8A98D000", "vmaddr" : "7FFF8A6B4000", "buildId" : "A244AE4C00B0396C98FF97FE4DB3DA30" }, { "path" : "/usr/lib/libssl.0.9.8.dylib", "machType" : 6, "b" : "7FFF8AB6A000", "vmaddr" : "7FFF8A891000", "buildId" : "3B6EAD4BF7FA369CAB54755B08219D2A" }, { "path" : "/usr/lib/libcrypto.0.9.8.dylib", "machType" : 6, "b" : "7FFF89B56000", "vmaddr" : "7FFF8987D000", "buildId" : "B34BC0FA18ED37C59D46393803CADEBB" }, { "path" : "/usr/lib/libSystem.B.dylib", "machType" : 6, "b" : "7FFF898B7000", "vmaddr" : "7FFF895DE000", "buildId" : "ACC3231B370F32358E5F159E094FC3F9" }, { "path" : "/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation", "machType" : 6, "b" : "7FFF75652000", "vmaddr" : "7FFF75379000", "buildId" : "F07A2387602E3D9E87083B3430BD7D82" }, { "path" : "/System/Library/Frameworks/Security.framework/Versions/A/Security", "machType" : 6, "b" : "7FFF7B95F000", "vmaddr" : "7FFF7B686000", "buildId" : "F5AE6D2CDA85356B9696229545452B6A" }, { "path" : "/usr/lib/libc++.1.dylib", "machType" : 6, "b" : "7FFF899F1000", "vmaddr" : "7FFF89718000", "buildId" : "0B43BB5DE6EB34648DE9B41AC8ED9D1C" }, { "path" : "/usr/lib/system/libcache.dylib", "machType" : 6, "b" : "7FFF8AD84000", "vmaddr" : "7FFF8AAAB000", "buildId" : "093A4DAB83853D47A350E20CB7CCF7BF" }, { "path" : "/usr/lib/system/libcommonCrypto.dylib", "machType" : 6, "b" : "7FFF8AD89000", "vmaddr" : "7FFF8AAB0000", "buildId" : "8A64D1B0C70E385C92F0E669079FDA90" }, { "path" : "/usr/lib/system/libcompiler_rt.dylib", "machType" : 6, "b" : "7FFF8AD94000", "vmaddr" : "7FFF8AABB000", "buildId" : "55D47421772A32ABB5291A46C2F43B4D" }, { "path" : "/usr/lib/system/libcopyfile.dylib", "machType" : 6, "b" : "7FFF8AD9C000", "vmaddr" : "7FFF8AAC3000", "buildId" : "819BEA3CDF113E3DA1A15A51C5BF1961" }, { "path" : "/usr/lib/system/libcorecrypto.dylib", "machType" : 6, "b" : "7FFF8ADA5000", "vmaddr" : "7FFF8AACC000", "buildId" : "65D7165E2E71335DA2D633F78E2DF0C1" }, { "path" : "/usr/lib/system/libdispatch.dylib", "machType" : 6, "b" : "7FFF8AE29000", "vmaddr" : "7FFF8AB50000", "buildId" : "6582BAD6ED273B30B62090B1C5A4AE3C" }, { "path" : "/usr/lib/system/libdyld.dylib", "machType" : 6, "b" : "7FFF8AE5B000", "vmaddr" : "7FFF8AB82000", "buildId" : "128FF2BBD0C836D9A456C1077E7BB182" }, { "path" : "/usr/lib/system/libkeymgr.dylib", "machType" : 6, "b" : "7FFF8AE61000", "vmaddr" : "7FFF8AB88000", "buildId" : "7AA011A9DC213488BF733B5B14D1FDD6" }, { "path" : "/usr/lib/system/liblaunch.dylib", "machType" : 6, "b" : "7FFF8AE6F000", "vmaddr" : "7FFF8AB96000", "buildId" : "B856ABD2896E3DE0B2C8146A6AF8E2A7" }, { "path" : "/usr/lib/system/libmacho.dylib", "machType" : 6, "b" : "7FFF8AE70000", "vmaddr" : "7FFF8AB97000", "buildId" : "17D5D855F6C33B04B680E9BF02EF8AED" }, { "path" : "/usr/lib/system/libquarantine.dylib", "machType" : 6, "b" : "7FFF8AE76000", "vmaddr" : "7FFF8AB9D000", "buildId" : "12448CC2378E35F3BE339DC395A5B970" }, { "path" : "/usr/lib/system/libremovefile.dylib", "machType" : 6, "b" : "7FFF8AE79000", "vmaddr" : "7FFF8ABA0000", "buildId" : "38D4CB9C10CD30D38B7BA515EC75FE85" }, { "path" : "/usr/lib/system/libsystem_asl.dylib", "machType" : 6, "b" : "7FFF8AE7B000", "vmaddr" : "7FFF8ABA2000", "buildId" : "096E42283B7C30A68B13EC909A64499A" }, { "path" : "/usr/lib/system/libsystem_blocks.dylib", "machType" : 6, "b" : "7FFF8AE94000", "vmaddr" : "7FFF8ABBB000", "buildId" : "10DC540473AB35B3A277A8AFECB476EB" }, { "path" : "/usr/lib/system/libsystem_c.dylib", "machType" : 6, "b" : "7FFF8AE95000", "vmaddr" : "7FFF8ABBC000", "buildId" : "E5AE52447D0C36AC8BB6C7AE7EA52A4B" }, { "path" : "/usr/lib/system/libsystem_configuration.dylib", "machType" : 6, "b" : "7FFF8AF23000", "vmaddr" : "7FFF8AC4A000", "buildId" : "BECC01A2CA8D31E6BCDFD452965FA976" }, { "path" : "/usr/lib/system/libsystem_coreservices.dylib", "machType" : 6, "b" : "7FFF8AF27000", "vmaddr" : "7FFF8AC4E000", "buildId" : "7D26DE79B424345085E1F7FAB32714AB" }, { "path" : "/usr/lib/system/libsystem_coretls.dylib", "machType" : 6, "b" : "7FFF8AF2B000", "vmaddr" : "7FFF8AC52000", "buildId" : "EC6FCF07DCFB3A039CC96DD3709974C6" }, { "path" : "/usr/lib/system/libsystem_dnssd.dylib", "machType" : 6, "b" : "7FFF8AF44000", "vmaddr" : "7FFF8AC6B000", "buildId" : "CC9602150B1B3822A13A3DDE96FA796F" }, { "path" : "/usr/lib/system/libsystem_info.dylib", "machType" : 6, "b" : "7FFF8AF4B000", "vmaddr" : "7FFF8AC72000", "buildId" : "611DB84CBF703F928702B9F28A900920" }, { "path" : "/usr/lib/system/libsystem_kernel.dylib", "machType" : 6, "b" : "7FFF8AF75000", "vmaddr" : "7FFF8AC9C000", "buildId" : "7F77BDE893F43A2DB86495AE10DCEA60" }, { "path" : "/usr/lib/system/libsystem_m.dylib", "machType" : 6, "b" : "7FFF8AF98000", "vmaddr" : "7FFF8ACBF000", "buildId" : "86D499B5BBDC3D3B8A4E97AE8E6672A4" }, { "path" : "/usr/lib/system/libsystem_malloc.dylib", "machType" : 6, "b" : "7FFF8AFE0000", "vmaddr" : "7FFF8AD07000", "buildId" : "A3D15F1799A633678C7E4280E8619C95" }, { "path" : "/usr/lib/system/libsystem_network.dylib", "machType" : 6, "b" : "7FFF8AFFF000", "vmaddr" : "7FFF8AD26000", "buildId" : "369D022156CA3C3E9EDE94B41CAE77B7" }, { "path" : "/usr/lib/system/libsystem_networkextension.dylib", "machType" : 6, "b" : "7FFF8B059000", "vmaddr" : "7FFF8AD80000", "buildId" : "B021F2B38A753633ABB0FC012B8E9B0C" }, { "path" : "/usr/lib/system/libsystem_notify.dylib", "machType" : 6, "b" : "7FFF8B063000", "vmaddr" : "7FFF8AD8A000", "buildId" : "B8160190A0693B3ABDF62AA408221FAE" }, { "path" : "/usr/lib/system/libsystem_platform.dylib", "machType" : 6, "b" : "7FFF8B06D000", "vmaddr" : "7FFF8AD94000", "buildId" : "897462FDB318321BA554E61982630F7E" }, { "path" : "/usr/lib/system/libsystem_pthread.dylib", "machType" : 6, "b" : "7FFF8B076000", "vmaddr" : "7FFF8AD9D000", "buildId" : "B8FB5E20329539E2B5EBB464D1D4B104" }, { "path" : "/usr/lib/system/libsystem_sandbox.dylib", "machType" : 6, "b" : "7FFF8B081000", "vmaddr" : "7FFF8ADA8000", "buildId" : "19320A422E3B361BBBDA2F5F2E87B100" }, { "path" : "/usr/lib/system/libsystem_secinit.dylib", "machType" : 6, "b" : "7FFF8B085000", "vmaddr" : "7FFF8ADAC000", "buildId" : "F78B847B35653E4B98A6F7AD40392E2D" }, { "path" : "/usr/lib/system/libsystem_symptoms.dylib", "machType" : 6, "b" : "7FFF8B087000", "vmaddr" : "7FFF8ADAE000", "buildId" : "3390E07CC1CE348FADBD2C5440B45EAA" }, { "path" : "/usr/lib/system/libsystem_trace.dylib", "machType" : 6, "b" : "7FFF8B08F000", "vmaddr" : "7FFF8ADB6000", "buildId" : "AC63A7FE50D93A3096E6F6B7FF16E465" }, { "path" : "/usr/lib/system/libunwind.dylib", "machType" : 6, "b" : "7FFF8B0A3000", "vmaddr" : "7FFF8ADCA000", "buildId" : "3D50D8A8C460334DA5192DA841102C6B" }, { "path" : "/usr/lib/system/libxpc.dylib", "machType" : 6, "b" : "7FFF8B0A9000", "vmaddr" : "7FFF8ADD0000", "buildId" : "BF896DF0D8E931A8A4B301120BFEEE52" }, { "path" : "/usr/lib/libobjc.A.dylib", "machType" : 6, "b" : "7FFF8A565000", "vmaddr" : "7FFF8A28C000", "buildId" : "70614861034032E285EDFE65759CDFFA" }, { "path" : "/usr/lib/libc++abi.dylib", "machType" : 6, "b" : "7FFF89A48000", "vmaddr" : "7FFF8976F000", "buildId" : "BC271AD3831B362A9DA7E8C51F285FE4" }, { "path" : "/System/Library/PrivateFrameworks/TrustEvaluationAgent.framework/Versions/A/TrustEvaluationAgent", "machType" : 6, "b" : "7FFF88325000", "vmaddr" : "7FFF8804C000", "buildId" : "EBE65DD5173237478C6C7BECEBF089A4" }, { "path" : "/usr/lib/libz.1.dylib", "machType" : 6, "b" : "7FFF8AD64000", "vmaddr" : "7FFF8AA8B000", "buildId" : "46E3FFA24328327A8D34A03E20BFFB8E" }, { "path" : "/usr/lib/libDiagnosticMessagesClient.dylib", "machType" : 6, "b" : "7FFF89678000", "vmaddr" : "7FFF8939F000", "buildId" : "84A04D240E603810A8C090A65E2DF61A" }, { "path" : "/usr/lib/libicucore.A.dylib", "machType" : 6, "b" : "7FFF89FB1000", "vmaddr" : "7FFF89CD8000", "buildId" : "E720801C2D923108B853469551EDF21F" }, { "path" : "/usr/lib/libcoretls.dylib", "machType" : 6, "b" : "7FFF89A9A000", "vmaddr" : "7FFF897C1000", "buildId" : "64B1001E10F63542A3B2C4B49F51817F" }, { "path" : "/usr/lib/libcoretls_cfhelpers.dylib", "machType" : 6, "b" : "7FFF89A9B000", "vmaddr" : "7FFF897C2000", "buildId" : "1A10303E5EB03C7C9165021FCDFD934D" }, { "path" : "/usr/lib/libOpenScriptingUtil.dylib", "machType" : 6, "b" : "7FFF898B1000", "vmaddr" : "7FFF895D8000", "buildId" : "0F1BA40797D136F6882DA355EAAD5E00" }, { "path" : "/usr/lib/libauto.dylib", "machType" : 6, "b" : "7FFF899D0000", "vmaddr" : "7FFF896F7000", "buildId" : "34388D0BC5393C1B94082BC152162E43" }, { "path" : "/usr/lib/libbsm.0.dylib", "machType" : 6, "b" : "7FFF899D1000", "vmaddr" : "7FFF896F8000", "buildId" : "20084796B04D3B35A003EA11459557A9" }, { "path" : "/usr/lib/libpam.2.dylib", "machType" : 6, "b" : "7FFF8A93A000", "vmaddr" : "7FFF8A661000", "buildId" : "71EB0D88DE843C8DA2C558AA282BC5BC" }, { "path" : "/usr/lib/libsqlite3.dylib", "machType" : 6, "b" : "7FFF8A9F9000", "vmaddr" : "7FFF8A720000", "buildId" : "1ECF7DF77A073B4BA63BF4EFF6BC7ACF" }, { "path" : "/usr/lib/libxar.1.dylib", "machType" : 6, "b" : "7FFF8AC3C000", "vmaddr" : "7FFF8A963000", "buildId" : "69547C64E811326FBBED490C6361BDCB" }, { "path" : "/System/Library/Frameworks/IOKit.framework/Versions/A/IOKit", "machType" : 6, "b" : "7FFF77631000", "vmaddr" : "7FFF77358000", "buildId" : "454036AD86AA3ABB8C53B5F654A6824D" }, { "path" : "/usr/lib/libbz2.1.0.dylib", "machType" : 6, "b" : "7FFF899E2000", "vmaddr" : "7FFF89709000", "buildId" : "ADFA329ADCE7356D8F09A3168DFC6610" }, { "path" : "/usr/lib/libxml2.2.dylib", "machType" : 6, "b" : "7FFF8AC4A000", "vmaddr" : "7FFF8A971000", "buildId" : "75135C3D47B13217AC2BB566E2E1A4A3" }, { "path" : "/usr/lib/liblzma.5.dylib", "machType" : 6, "b" : "7FFF8A1DE000", "vmaddr" : "7FFF89F05000", "buildId" : "44BD027999DD36B58A6EC11432E2098D" }, { "path" : "/usr/lib/libenergytrace.dylib", "machType" : 6, "b" : "7FFF89EA8000", "vmaddr" : "7FFF89BCF000", "buildId" : "A1B040A2797730979ADF34FF181EB970" }, { "path" : "/usr/lib/system/libkxld.dylib", "machType" : 6, "b" : "7FFF8AE62000", "vmaddr" : "7FFF8AB89000", "buildId" : "CE95DAA4068A369A95CF3AE472FC4F34" } ] }}
       mongod(_ZN5mongo15printStackTraceERNSt3__113basic_ostreamIcNS0_11char_traitsIcEEEE+0x39) [0x10b082629]
       mongod(_ZN5mongo12_GLOBAL__N_110abruptQuitEi+0xBD) [0x10b081efd]
       libsystem_platform.dylib(_sigtramp+0x1A) [0x7fff8b06fb3a]
       libsystem_c.dylib(_C_time_locale+0x0) [0x7fff93d5d6b0]
       libsystem_c.dylib(abort+0x81) [0x7fff8aef4420]
       mongod(_ZN5mongo25fassertFailedWithLocationEiPKcj+0x24E) [0x10b078d3e]
       mongod(_ZNSt3__114__thread_proxyINS_5tupleIJZN5mongo9transport18TransportLayerASIO5startEvE3$_2EEEEEPvS7_+0x1E5) [0x10abb8225]
       libsystem_pthread.dylib(_pthread_body+0xB4) [0x7fff8b07993b]
       libsystem_pthread.dylib(_pthread_body+0x0) [0x7fff8b079887]
       libsystem_pthread.dylib(thread_start+0xD) [0x7fff8b07908d]
      -----  END BACKTRACE  -----
      [1]    86944 abort      mongod
      

      Apple crash log:
      apple crash log.txt

      Performs brute force password auditing against the MongoDB database.
      https://nmap.org/nsedoc/scripts/mongodb-brute.html

        Attachments

          Activity

            People

            Assignee:
            jonathan.reams Jonathan Reams
            Reporter:
            gianpa@gmail.com Gianfranco Palumbo
            Participants:
            Votes:
            0 Vote for this issue
            Watchers:
            10 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: