Loading...

Type: Bug
Resolution: Cannot Reproduce
Priority: Major - P3
Fix Version/s: None
Affects Version/s: 4.0.19, 4.2.14
Component/s: None
Labels:
None

Assigned Teams:

Server Security
Operating System:
ALL
Steps To Reproduce:

Hide

Install MongoDB.

Configure MongoDB to use SSL.

Run Nexpose/Nessus scanners against system running MongoDB

Show
Install MongoDB. Configure MongoDB to use SSL. Run Nexpose/Nessus scanners against system running MongoDB

RSA Netwitness is using MongoDB as an off-the-shelf product and using different versions of MongoDB (4.0.x & 4.2.x). We are also using Nexpose and Nessus vulnerability scanners in our product to identify any vulnerabilities. When these scanners are executed, MongoDB is crashing.

As this behavior is present across different versions of MongoDB, this issue is suspected in MongoDB.

Below is the crash dump.
2021-05-20T15:34:35.047+0000 I NETWORK [listener] connection accepted from 10.184.1.238:56692 #342 (112 connections now open)
2021-05-20T15:34:35.204+0000 W NETWORK [conn342] no SSL certificate provided by peer
2021-05-20T15:34:35.267+0000 F - [conn342] Invalid access at address: 0x5652d53ae000
2021-05-20T15:34:35.275+0000 F - [conn342] Got signal: 11 (Segmentation fault).
0x5652a195b211 0x5652a195a83c 0x5652a195aa20 0x7fbc9f7f7630 0x7fbc9b58d35c
----- BEGIN BACKTRACE -----
{"backtrace":[

{"b":"56529F040000","o":"291B211","s":"_ZN5mongo15printStackTraceERSo"}

,

{"b":"56529F040000","o":"291A83C"}

,

{"b":"56529F040000","o":"291AA20"}

,

{"b":"7FBC9F7E8000","o":"F630"}

,

{"b":"7FBC9B54E000","o":"3F35C"}

],"processInfo":{ "mongodbVersion" : "4.2.12", "gitVersion" : "5593fd8e33b60c75802edab304e23998fa0ce8a5", "compiledModules" : [], "uname" :

{ "sysname" : "Linux", "release" : "3.10.0-1160.21.1.el7.x86_64", "version" : "#1 SMP Tue Mar 16 18:28:22 UTC 2021", "machine" : "x86_64" }

, "somap" : [

{ "b" : "56529F040000", "elfType" : 3, "buildId" : "4CBC671EF90A08562409ACEA79DEB3D4AAF63EE4" }

,

{ "b" : "7FFC4469A000", "elfType" : 3, "buildId" : "C8FFA16AE20763964A3C8D28E6AA933A42F28D0F" }

,

{ "b" : "7FBCA0B75000", "path" : "/lib64/libcurl.so.4", "elfType" : 3, "buildId" : "AA185EEE9B8EE0BCE652F7A6E9AAD07B1B3808C4" }

,

{ "b" : "7FBCA095B000", "path" : "/lib64/libresolv.so.2", "elfType" : 3, "buildId" : "B45C711D26DDD9F612D7814CE83B427927C8BC65" }

,

{ "b" : "7FBCA059B000", "path" : "/lib64/libcrypto.so.10", "elfType" : 3, "buildId" : "6738FD6DBD26AD69A4EA7791CC781A46B5916B86" }

,

{ "b" : "7FBCA0328000", "path" : "/lib64/libssl.so.10", "elfType" : 3, "buildId" : "853F809CDAFB47B42E262544E18C75F36D631E4F" }

,

{ "b" : "7FBCA0124000", "path" : "/lib64/libdl.so.2", "elfType" : 3, "buildId" : "7F2E9CB0769D7E57BD669B485A74B537B63A57C4" }

,

{ "b" : "7FBC9FF1C000", "path" : "/lib64/librt.so.1", "elfType" : 3, "buildId" : "3E44DF7055942478D052E40FDD1F5B7862B152B0" }

,

{ "b" : "7FBC9FC1A000", "path" : "/lib64/libm.so.6", "elfType" : 3, "buildId" : "7011EFEA5156B5EEBF77C40CB1D3B0C6970C50DB" }

,

{ "b" : "7FBC9FA04000", "path" : "/lib64/libgcc_s.so.1", "elfType" : 3, "buildId" : "EDF51350C7F71496149D064AA8B1441F786DF88A" }

,

{ "b" : "7FBC9F7E8000", "path" : "/lib64/libpthread.so.0", "elfType" : 3, "buildId" : "E10CC8F2B932FC3DAEDA22F8DAC5EBB969524E5B" }

,

{ "b" : "7FBC9F41A000", "path" : "/lib64/libc.so.6", "elfType" : 3, "buildId" : "7CD4A08C18C60E1E2EA1AEBB88C9379BD7289D38" }

,

{ "b" : "7FBCA0DDF000", "path" : "/lib64/ld-linux-x86-64.so.2", "elfType" : 3, "buildId" : "62C449974331341BB08DCCE3859560A22AF1E172" }

,

{ "b" : "7FBC9F1E7000", "path" : "/lib64/libidn.so.11", "elfType" : 3, "buildId" : "2B77BBEFFF65E94F3E0B71A4E89BEB68C4B476C5" }

,

{ "b" : "7FBC9EFBA000", "path" : "/lib64/libssh2.so.1", "elfType" : 3, "buildId" : "CB0BD6C014F41EC926FAC41322C82FF4A5EB88B9" }

,

{ "b" : "7FBC9ED5D000", "path" : "/lib64/libssl3.so", "elfType" : 3, "buildId" : "AAEB3A8C75F24B6EF9E965F4C7B41F1D10E4A1E3" }

,

{ "b" : "7FBC9EB35000", "path" : "/lib64/libsmime3.so", "elfType" : 3, "buildId" : "CED43363B6A38A426D2A5EEECC7A267DD7BFBD60" }

,

{ "b" : "7FBC9E801000", "path" : "/lib64/libnss3.so", "elfType" : 3, "buildId" : "8EBF98BF33F01E42E4388F6E256B56D1325A54EA" }

,

{ "b" : "7FBC9E5D1000", "path" : "/lib64/libnssutil3.so", "elfType" : 3, "buildId" : "A61604F9C4E3F975A0A1742174F08D6ECF987A63" }

,

{ "b" : "7FBC9E3CD000", "path" : "/lib64/libplds4.so", "elfType" : 3, "buildId" : "E761D8698407F6521F26F579D61D5EC8F7EF04A9" }

,

{ "b" : "7FBC9E1C8000", "path" : "/lib64/libplc4.so", "elfType" : 3, "buildId" : "41E234507D6BB1E4FE56A078127D36C1963460CC" }

,

{ "b" : "7FBC9DF8A000", "path" : "/lib64/libnspr4.so", "elfType" : 3, "buildId" : "051956498509E67F79215B76781C1AA0504EB5D5" }

,

{ "b" : "7FBC9DD3D000", "path" : "/lib64/libgssapi_krb5.so.2", "elfType" : 3, "buildId" : "0CAEC124D97114DA40DDEB0FED1FAD5D14C3D626" }

,

{ "b" : "7FBC9DA54000", "path" : "/lib64/libkrb5.so.3", "elfType" : 3, "buildId" : "4EBF28968DA5784ED6606BFF7C1915C50AC24502" }

,

{ "b" : "7FBC9D821000", "path" : "/lib64/libk5crypto.so.3", "elfType" : 3, "buildId" : "5FF9D1075A8D5D62F77F5CE56C935FCD92C62EFA" }

,

{ "b" : "7FBC9D61D000", "path" : "/lib64/libcom_err.so.2", "elfType" : 3, "buildId" : "2ADDB65846A50CE45F0C9B62EA35DDA62C6AD7A2" }

,

{ "b" : "7FBC9D40E000", "path" : "/lib64/liblber-2.4.so.2", "elfType" : 3, "buildId" : "8804516A3226CFB54589FEC0E27D89C93DAF92FF" }

,

{ "b" : "7FBC9D1B9000", "path" : "/lib64/libldap-2.4.so.2", "elfType" : 3, "buildId" : "C9414F20B30965A695CA00FCD957D286B6DBCA94" }

,

{ "b" : "7FBC9CFA3000", "path" : "/lib64/libz.so.1", "elfType" : 3, "buildId" : "B04855870B0DE434F354DE3147230F2677200B56" }

,

{ "b" : "7FBC9CD3E000", "path" : "/lib64/libbwrap.so.1", "elfType" : 3, "buildId" : "3C0925C82D600DA15C02081974B724BE73D9BA95" }

,

{ "b" : "7FBC9CB2E000", "path" : "/lib64/libkrb5support.so.0", "elfType" : 3, "buildId" : "779381063DAECC27E8480C8F79F0651162586478" }

,

{ "b" : "7FBC9C92A000", "path" : "/lib64/libkeyutils.so.1", "elfType" : 3, "buildId" : "2E01D5AC08C1280D013AAB96B292AC58BC30A263" }

,

{ "b" : "7FBC9C70D000", "path" : "/lib64/libsasl2.so.3", "elfType" : 3, "buildId" : "E2F2017F821DD1B9D307DA1A9B8014F2941AEB7B" }

,

{ "b" : "7FBC9C4E6000", "path" : "/lib64/libselinux.so.1", "elfType" : 3, "buildId" : "903A0BD0BFB4FEE8C284F41BEB9773DED94CBC52" }

,

{ "b" : "7FBC9C2AF000", "path" : "/lib64/libcrypt.so.1", "elfType" : 3, "buildId" : "97BE6F9199FED4491B00AA91F7E6EACC4D5328F7" }

,

{ "b" : "7FBC9C04D000", "path" : "/lib64/libpcre.so.1", "elfType" : 3, "buildId" : "9CA3D11F018BEEB719CDB34BE800BF1641350D0A" }

,

{ "b" : "7FBC9BE4A000", "path" : "/lib64/libfreebl3.so", "elfType" : 3, "buildId" : "020C788B41DCC71AEE66B822D7670BC4347DA006" }

,

{ "b" : "7FBC9BBFB000", "path" : "/usr/lib64/bwrap-1.3.4/libcryptocme.so", "elfType" : 3, "buildId" : "570E5497F975A4766C1ABC3568D42148F0BFD0C4" }

,

{ "b" : "7FBC9B9F6000", "path" : "/usr/lib64/bwrap-1.3.4/libccme_error_info.so", "elfType" : 3, "buildId" : "AECB485520401C60F80C8DF27652424815903E7C" }

,

{ "b" : "7FBC9B7F1000", "path" : "/usr/lib64/bwrap-1.3.4/libccme_aux_entropy.so", "elfType" : 3, "buildId" : "84046E49CE77C6BBE12636E296C043299DBD5F2D" }

,

{ "b" : "7FBC9B54E000", "path" : "/usr/lib64/bwrap-1.3.4/libccme_base.so", "elfType" : 3, "buildId" : "DCD7319FC736BEC8C3801D8AE7A1412512055E54" }

,

{ "b" : "7FBC9B2C8000", "path" : "/usr/lib64/bwrap-1.3.4/libccme_asym.so", "elfType" : 3, "buildId" : "415FABF1661FEA5AC29CF8B45D57CEF3D147C075" }

,

{ "b" : "7FBC9B003000", "path" : "/usr/lib64/bwrap-1.3.4/libccme_ecc_accel_fips.so", "elfType" : 3, "buildId" : "FDFB0B6CA23B074B0BE2A9CFDAC77C66227E89E0" }

,

{ "b" : "7FBC9AD51000", "path" : "/usr/lib64/bwrap-1.3.4/libccme_ecc.so", "elfType" : 3, "buildId" : "5B5693827F97DA19C4A18095366FD9A243CE94AE" }

,

{ "b" : "7FBC9AAB6000", "path" : "/usr/lib64/bwrap-1.3.4/libccme_base_non_fips.so", "elfType" : 3, "buildId" : "244F5F0745D57C1A0ABBEB6734019B8293C4AABB" }

,

{ "b" : "7FBC9A7F9000", "path" : "/usr/lib64/bwrap-1.3.4/libccme_ecc_accel_non_fips.so", "elfType" : 3, "buildId" : "23698EA3AE5BCDC01C245C96B0C520638FC478B8" }

,

{ "b" : "7FBC9A595000", "path" : "/usr/lib64/bwrap-1.3.4/libccme_ecc_non_fips.so", "elfType" : 3, "buildId" : "4183AD41AE4AC5F1F359832F3524AF0FF6991F1D" }

] }}
mongod(_ZN5mongo15printStackTraceERSo+0x41) [0x5652a195b211]
mongod(+0x291A83C) [0x5652a195a83c]
mongod(+0x291AA20) [0x5652a195aa20]
libpthread.so.0(+0xF630) [0x7fbc9f7f7630]
libccme_base.so(+0x3F35C) [0x7fbc9b58d35c]
----- END BACKTRACE -----

One observation is that it crashes only if MongoDB is configured with SSL. Below is the config snippet of MongoDB. If I download MongoDB and use it with default config (without any SSL), it works fine.

systemLog:
  destination: file
  path: /var/log/mongodb/mongod.log
  logAppend: true
  logRotate: reopenstorage:
  dbPath: /var/netwitness/mongo
  journal:
    enabled: true
  wiredTiger:
    engineConfig:
      cacheSizeGB: 16processManagement:
  fork: true  # fork and run in background
  pidFilePath: /var/run/mongodb/mongod.pid  # location of pidfile
  timeZoneInfo: /usr/share/zoneinfonet:
  bindIp: 0.0.0.0
  port: 27017
  ssl:
    mode: preferSSL
    PEMKeyFile: /etc/pki/nw/mongo/mongod-combined.pem
    CAFile: /etc/pki/nw/trust/truststore.pem
    disabledProtocols: TLS1_0,TLS1_1
    allowConnectionsWithoutCertificates: true
    allowInvalidCertificates: false
    allowInvalidHostnames: truesetParameter:
  opensslCipherConfig: TLSv1.2+FIPS:kRSA+FIPS:!eNULL:!aNULL:!3DES:@STRENGTH
  opensslDiffieHellmanParameters: /etc/pki/nw/mongo/dhparams-rfc5114-3.pem
  # This is a non-public MongoDB parameter; https://jira.mongodb.org/browse/SERVER-23768
  internalQueryExecMaxBlockingSortBytes: 134217728security:
  authorization: enabled

Details

Description

Attachments

Activity

People

Dates