[SERVER-14268] Potential information leak

Created: 16/Jun/14
Updated: 21/Apr/17
Resolved: 30/Jul/14

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: 2.4.11, 2.6.4, 2.7.5

Type: Bug
Priority: Major - P3
Reporter: Daniel Medina (Inactive)
Assignee: Mark Benvenuto
Resolution: Done
Votes: 0
Labels: asp, asp-sdl-internal, asp-vuln-infoleak, asp-vuln-mem, community-team
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Related
Tested
Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Completed:
Sprint: Server 2.7.3, Server 2.7.4, Server 2.7.5
Participants:

 Description   
Issue Status as of Aug 08, 2014

ISSUE SUMMARY
Using a specially crafted message, a remote user could obtain a limited amount of information from the server heap memory.

USER IMPACT
Potentially sensitive information could be disclosed from the server.

WORKAROUNDS
Implement MongoDB Security Best Practices and ensure access to the database server is restricted.

AFFECTED VERSIONS
MongoDB production releases up to 2.6.3 are affected by this issue.

FIX VERSION
The fix is included in the 2.6.4 production release.

RESOLUTION DETAILS
The response sent by the server returns only validated data.



 Comments   
Comment by Githook User [ 14/Aug/14 ]

Author: Mark Benvenuto (markbenvenuto) <mark.benvenuto@mongodb.com>

Message: SERVER-14268: Backport from 2.6 to 2.4 - disable test
Branch: v2.4
https://github.com/mongodb/mongo/commit/cefb0ef38f050b73b2bf8211add55f3749753e0a

Comment by Githook User [ 14/Aug/14 ]

Author: Mark Benvenuto (markbenvenuto) <mark.benvenuto@mongodb.com>

Message: SERVER-14268: Backport from 2.6 to 2.4
Branch: v2.4
https://github.com/mongodb/mongo/commit/9105b69e1ded5b7d0d384d574103b0ee6bbb6122

Comment by Githook User [ 30/Jul/14 ]

Author: Mark Benvenuto (markbenvenuto) <mark.benvenuto@mongodb.com>

Message: SERVER-14268: Improve server message parsing

(cherry picked from commit dac9ac4a46348a67296b8b3ff11c58e522bd1b0b)
Branch: v2.6
https://github.com/mongodb/mongo/commit/1a0a49598d036c68c111cd04ac48655437dd6f83

Comment by Githook User [ 30/Jul/14 ]

Author: Mark Benvenuto (markbenvenuto) <mark.benvenuto@mongodb.com>

Message: SERVER-14268: Improve server message parsing
Branch: master
https://github.com/mongodb/mongo/commit/dac9ac4a46348a67296b8b3ff11c58e522bd1b0b
