[SERVER-17521] improve createIndex validation of empty name
Created: 10/Mar/15  Updated: 07/Jun/17  Resolved: 10/Mar/15

Status: Closed
Project: Core Server
Component/s: Index Maintenance
Affects Version/s: 3.0.0
Fix Version/s: 3.0.1, 3.1.0

Type: Bug
Priority: Major - P3
Reporter: Eliot Horowitz (Inactive)
Assignee: Eliot Horowitz (Inactive)
Resolution: Done
Votes: 0
Labels: ET, asp, asp-cve, asp-sdl-reported, asp-vuln-dos
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Completed:
Participants:

 Description   
Issue Status as of Mar 27, 2015

ISSUE SUMMARY
MongoDB is susceptible to a denial of service (crash) due to a failure to check for a missing value.

When running with authentication, an attacker needs to be successfully authenticated into MongoDB and have write access to a database to be able to exploit this vulnerability.

USER IMPACT
Remote attackers may cause a denial of service (crash).

WORKAROUNDS
N/A

AFFECTED VERSIONS
MongoDB 3.0.0 is affected by this issue.

FIX VERSION
The fix is included in the 3.0.1 production release.

RESOLUTION DETAILS
Improve validation of affected field.

ADDITIONAL INFORMATION
This vulnerability was discovered by Xiaopeng Zhang of Fortinet's FortiGuard Labs.

CVE-2015-2705 has been designated for this issue. We rate this issue with a CVSS score of 6.8.

Users may reduce their exposure by limiting network access to the server. See the MongoDB Security documentation page for more information on recommended security practices for your MongoDB deployment.



 Comments   
Comment by Githook User [ 10/Mar/15 ]

Author: Eliot Horowitz (erh) <eliot@10gen.com>

Message: SERVER-17521: improve createIndex validation of empty name

(cherry picked from commit 245ff2fcb2e01f549ae1b0e7aa0716dcdce8765d)
Branch: v3.0
https://github.com/mongodb/mongo/commit/cd340fc70c2885c35b6e56b11dbcf7aaca011085

Comment by Githook User [ 10/Mar/15 ]

Author: Eliot Horowitz (erh) <eliot@10gen.com>

Message: SERVER-17521: improve createIndex validation of empty name
Branch: master
https://github.com/mongodb/mongo/commit/245ff2fcb2e01f549ae1b0e7aa0716dcdce8765d
